31207 matches found
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2026-1245
CVE-2026-1245 is a code-injection vulnerability in the binary-parser library, affecting versions prior to 2.3.0. The issue arises from unsanitized values used in parser field names or encoding parameters, which are directly interpolated into dynamically generated code (via the Function constructo...
Denial Of Service (DoS)
SvelteKit is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded memory allocation when processing crafted binary form payloads in the experimental form remote function, allowing attackers to exhaust server memory and disrupt service availability...
MiracleLinux 9 : buildah-1.31.4-1.el9_3 (AXSA:2024-7581:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7581:01 advisory. ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795). Tenable has extracted the preceding description block directly from the MiracleLin...
PT-2026-3643
Name of the Vulnerable Software and Affected Versions: binary-parser versions prior to 2.3.0. Description: A code injection flaw exists in the binary-parser library. This issue allows for arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters...
Binary-parser security vulnerability
Binary-parser is a build tool developed by Keichi Takahashi. Versions of Binary-parser prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unreliable values in parsing field names or encoding parameters, which allowed those values to be directly insert...
MiracleLinux 8 : openssh-8.0p1-19.el8_9.2 (AXSA:2024-7493:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7493:01 advisory. ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795); openssh: potential command injection via shell metacharacters...
MiracleLinux 8 : freeradius:3.0 (AXSA:2023-5978:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5978:01 advisory. freeradius: Information leakage in EAP-PWD (CVE-2022-41859); freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860); freeradius: Crash on invalid...
MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service (CVE-2017-18077); nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...
MiracleLinux 8 : python3-3.6.8-56.el8_9.2.ML.1 (AXSA:2024-7423:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7423:01 advisory. python: use after free in heappushpop of heapq module (CVE-2022-48560); python: DoS when processing malformed Apple Property List files in binary forma...
Code injection vulnerability in binary-parser library
Overview: The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public...
PT-2026-4822
Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.28.1. Description: pnpm, a package manager, contains a flaw in its binary fetcher that permits malicious packages to write files outside the designated extraction directory. This issue arises from two attack vectors:...
CVE-2026-22803
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...
CVE-2021-47847
CVE-2021-47847 affects Disk Sorter Server 13.6.12. It contains an unquoted service path vulnerability in the binary path configuration of disksrs.exe located at C:\Program Files\Disk Sorter Server\bin\disksrs.exe, enabling local attackers to inject malicious executables and escalate privileges. T...
CVE-2021-47847 Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...
nightmare-exploit-roadmap
🌙 nightmare-exploit-roadmap - Your Guide to Binary Exploitatio...
CVE-2021-47806
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables...