982 matches found
Abseil 安全漏洞
Abseil is an Abseil generic library C++ open-sourced by Abseil. Abseil has a security vulnerability that stems from a buffer overflow problem caused by the size constructor, reserve and rehash methods of absl::flat,nodehashset,map not imposing an upper limit on its size parameter...
SUSE CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2024-57513
A floating-point exception FPE vulnerability exists in the AP4TfraAtom::AP4TfraAtom function in Bento4...
Prototype Pollution
Overview org.webjars.bowergithub.shprink:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Outp...
AZL-55922 CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
CVE-2025-23090
CVE-2025-23090 is withdrawn as a duplicate of CVE-2025-23083. Connected records confirm CVE-2025-23083 affects Node.js packages for versions before 20.14.0-4, with patches available in advisory channels (nodejs20). These sources describe the same underlying issue and provide remediation guidance ...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions 20, 22, and 23 that stems from the diagnosticschannel tool that can hook a worker thread to create an event, allowing an attacker to obtain an...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the constructor of the Downloader class. An attacker can execute arbitrary JavaScript code in t...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the constructor of the Downloader class. An attacker can execute arbitrary JavaScript code in the user's browser by manipulating GET parameters name and type. Workaround This vulnerability can be mitigat...
CVE-2024-50280 dm cache: fix flushing uninitialized delayed_work on cache_ctr error
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayedwork on cachectr error An unexpected WARNON from flushwork may occur when cache creation fails, caused by destroying the uninitialized delayedwork waker in the error path of cachecreate...
The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” allows a hacker to trigger a database access error.
The vulnerability of the PhysHdr class constructor in the CryptoManager.cpp module of the database management system “Red Database” is related to the fact that in some cases, when switching the database to incremental backup mode, the connection to this database would fail. Exploiting this...
dom-iterator code execution vulnerability
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
GHSA-JRVM-MCXC-MF6M dom-iterator code execution vulnerability
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
CVE-2024-21541 affects the npm package dom-iterator prior to version 1.0.1 . The vulnerability stems from use of the Function constructor without complete input sanitization, allowing an attacker-controlled input to generate a new function body, with risks similar to eval. This is corroborated by...
PT-2024-18954 · Unknown · Dom-Iterator
Name of the Vulnerable Software and Affected Versions: dom-iterator versions prior to 1.0.1 Description: The issue is related to Arbitrary Code Execution due to the use of the Function constructor without complete input sanitization. This allows an attacker to generate a new function body, posing...
kernel: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()
No description is available for this CVE...