156 matches found
GHSA-J687-52P2-XCFF Astro: XSS in define:vars via incomplete </script> tag sanitization
Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...
PT-2026-34233
Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...
Out-of-bounds Read
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Out-of-bounds Read
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Out-of-bounds Read
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-33905
CVE-2026-33905 affects ImageMagick. In versions prior to 7.1.2-19 and 6.9.13-44, the -sample operation can trigger an out-of-bounds read when the offset is set via the sample:offset define, as described in multiple feeds (NVD, CVE, and vendor advisories). The root cause is an out-of-bounds read i...
CVE-2026-39881
CVE-2026-39881 : Vim prior to 9.2.0316 is vulnerable to a command-injection in Vim's netbeans interface. The issue arises from unsanitized strings in the defineAnnoType and specialKeys protocol messages, allowing a malicious NetBeans server that Vim connects to to execute arbitrary Ex commands. T...
CVE-2026-39881 Vim Ex command injection in Vims NetBeans integration
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...
Prototype Pollution
Overview apidoc-core is a Core parser library to generate apidoc result following the apidoc-spec Affected versions of this package are vulnerable to Prototype Pollution via the preProcess function in apigroup.js, apiparamtitle.js, apiuse.js, and apipermission.js. An attacker can alter object...
EUVD-2025-205451
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
PT-2025-53598
Name of the Vulnerable Software and Affected Versions apidoc-core versions 0.2.0 and subsequent versions Description A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define”...
expat: Integer overflow in defineAttribute in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
EUVD-2025-198890
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
UBUNTU-CVE-2025-40213
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...
OSV-2025-879 Use-of-uninitialized-value in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=457858149 Crash type: Use-of-uninitialized-value Crash state: JSDefineProperty buildbacktrace JSCallInternal...
OSV-2025-835 Heap-use-after-free in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451334094 Crash type: Heap-use-after-free READ 8 Crash state: JSDefineProperty buildbacktrace JSCallInternal...
OSV-2025-824 Use-of-uninitialized-value in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=449772271 Crash type: Use-of-uninitialized-value Crash state: JSDefineProperty buildbacktrace JSCallInternal...
CVE-2025-38633
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1d8 as critical The pll1d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabl...