210 matches found
Malicious code in datetime-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc38777296d43cff21c9e56d16208c8925c6dc25b5dec4227823da94096433d The package presents itself as a lightweight datetime utility but its main entry datetime.js invokes collect from ./index.js at top level, so any...
symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor
Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...
CVE-2026-44375
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
EUVD-2026-30299
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
CVE-2026-44375
The CVE-2026-44375 entry affects Nerdbank.MessagePack. The vulnerability arises in DateTime decoding where the reader can be fed a malicious MessagePack payload declaring an oversized timestamp extension length, enabling an attacker-controlled amount of stack memory to be allocated via stackalloc...
Nerdbank.MessagePack 安全漏洞
Nerdbank.MessagePack is a .NET platform-specific MessagePack serialization library developed by Andrew Arnott. Versions of Nerdbank.MessagePack prior to 1.1.62 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled stack allocation during DateTime decoding. Malicious...
GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
PT-2026-38312
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
CVE-2025-15553
creationtimestamp| type| source ---|---|--- 2026-04-20 17:20:51+00:00| seen| Telegram/GfeUhnyJYShCjvs7rm1XQAQJnKqowYjnl2h2DVxLAV4-eNA...
CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431 delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431 delpino73 Blue-Smiley-Organizer 1.32 SQL Injection via datetime
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
CVE-2019-25431
CVE-2019-25431 affects delpino73’s Blue-Smiley-Organizer 1.32. The issue is an SQL injection in the datetime parameter that allows unauthenticated attackers to manipulate queries. Attacks can inject SQL through POST requests to extract sensitive data using boolean-based blind or time-based blind ...
PT-2026-21309
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...
Blue-Smiley-Organizer SQL注入漏洞
Blue-Smiley-Organizer is a calendar management tool personally developed by Oliver Antosch. Version 1.32 of Blue-Smiley-Organizer contains an SQL injection vulnerability. This vulnerability stems from the datetime parameter, which allows for SQL injections, potentially enabling unverified attacke...