10791 matches found
SUSE CVE-2026-30860
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the getupperifindexes function not checking array boundaries, potentially leading to a stack buff...
Linux Distros Unpatched Vulnerability : CVE-2026-23354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed...
GHSA-C875-H985-HVRC Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
Summary Scriban's LoopLimit only applies to script loop statements, not to expensive iteration performed inside operators and builtins. An attacker can submit a single expression such as 1..1000000 | array.size and force large amounts of CPU work even when LoopLimit is set to a very small value...
Uncontrolled Recursion
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...
Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix
Summary StackOverflowException via nested array initializers bypasses ExpressionDepthLimit fix GHSA-wgh7-7m3c-fx25 Details The recent fix for GHSA-wgh7-7m3c-fx25 uncontrolled recursion in parser added ExpressionDepthLimit defaulting to 250. However, deeply nested array initializers ... recurse...
GHSA-P6Q4-FGR8-VX4P Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix
Summary StackOverflowException via nested array initializers bypasses ExpressionDepthLimit fix GHSA-wgh7-7m3c-fx25 Details The recent fix for GHSA-wgh7-7m3c-fx25 uncontrolled recursion in parser added ExpressionDepthLimit defaulting to 250. However, deeply nested array initializers ... recurse...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)
Summary A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the EncodeGroupId function when processing a malformed group-id-list parameter. An attacker can cause the application to panic and terminate unexpectedly by supplying specially crafted input...
USN-8118-1: sized-chunks vulnerabilities
Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. CVE-2020-25791, CVE-2020-25792, CVE-2020-25793 Yechan Bae discovered...
Denial Of Service
pypdf is vulnerable to Denial of Service. The vulnerability is due to inefficient decoding of array-based streams, where accessing an array-based stream with many entries leads to long runtimes and large memory usage, and attackers can exploit it by crafting a malicious PDF with a large array-bas...
Denial Of Service (DoS)
Micronaut Framework is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of descending array index order in JsonBeanPropertyBinder::expandArrayToThreshold, where crafted form-urlencoded parameters can trigger a non-terminating loop, leading to CPU exhaustion and...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
DEBIAN-CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...