22 matches found

Veracode
added 2025/11/12 8:23 a.m. | 3 views

Prototype Pollution

dref is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the lib.set function, which allows an attacker to inject malicious properties into the Object.prototype, leading to a potential denial of service (DoS) condition...

CVSS 7.5 | AI score 6.8 | EPSS 0.00145
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-31114

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.4 | EPSS 0.00145
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/26 8:51 p.m. | 3 views

CVE-2025-26278

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

CVSS 7.5 | AI score 6.7 | EPSS 0.00145
Exploits: 0 | References: 1

vulnersOsv
added 2025/09/25 3:30 p.m. | 3 views

@diningcity/capacitor-qr-scanner (>=0.0.7 <=0.0.8), @mojitonft/hooks (=1.0.1-alpha.4) +93 more potentially affected by CVE-2025-26278 via dref (=0.0.6)

dref NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on dref and may be impacted: - @diningcity/capacitor-qr-scanner =0.0.7, =1.7.0, =0.0.1, =11.1.1, =3.3.3, =0.0.0-beta, =0.0.2, =1.0.2, =0.0.40, =0.0.2, =0.0.1, =0.0.1, =0.1.0, =0.1.19...

CVSS 7.5 | AI score 5.8 | EPSS 0.00145
Exploits: 0

vulnersOsv
added 2025/09/25 3:30 p.m. | 5 views

@diningcity/capacitor-qr-scanner (>=0.0.7 <=0.0.8), @mojitonft/hooks (=1.0.1-alpha.4) +93 more potentially affected by CVE-2025-26278 via dref (=0.0.6)

dref NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on dref and may be impacted: - @diningcity/capacitor-qr-scanner =0.0.7, =1.7.0, =0.0.1, =11.1.1, =3.3.3, =0.0.0-beta, =0.0.2, =1.0.2, =0.0.40, =0.0.2, =0.0.1, =0.0.1, =0.1.0, =0.1.19...

CVSS 7.5 | AI score 5.8 | EPSS 0.00145
Exploits: 0

Github Security Blog
added 2025/09/25 3:30 p.m. | 4 views

dref is vulnerable to prototype pollution

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

CVSS 7.5 | AI score 6.8 | EPSS 0.00145
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/09/25 3:30 p.m. | 0 views

GHSA-76G8-235F-GJ6P dref is vulnerable to prototype pollution

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

CVSS 7.5 | AI score 5.9 | EPSS 0.00145
Exploits: 0 | References: 3

CNNVD
added 2025/09/25 12:00 a.m. | 1 view

dref security vulnerability

dref is a DNS rebinding exploit framework open-sourced by F-Secure LABS. A security vulnerability exists in dref version 0.1.2, which stems from prototype contamination in the lib.set function and could lead to a denial-of-service attack...

CVSS 7.5 | AI score 6.4 | EPSS 0.00145
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/25 12:00 a.m. | 1 view

CVE-2025-26278

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

AI score 6.3 | EPSS 0.00145
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/25 12:00 a.m. | 2 views

PT-2025-39378

Name of the Vulnerable Software and Affected Versions: dref version 0.1.2. Description: A prototype pollution issue exists in the lib.set function. This allows attackers to potentially cause a Denial of Service (DoS) by providing a specially crafted payload. The issue involves manipulating the prototy...

CVSS 7.5 | AI score 6.5 | EPSS 0.00145
Exploits: 0 | References: 6

CVE
added 2025/09/25 12:00 a.m. | 18 views

CVE-2025-26278

CVE-2025-26278 describes a prototype pollution in dref v0.1.2 via the lib.set function, allowing an attacker to cause a Denial of Service. Affected component: dref (JavaScript library). Root cause: unsafe/object recursive merge or path-based pollution enabling properties to be injected into Objec...

CVSS 7.5 | AI score 6.3 | EPSS 0.00145
Exploits: 0 | References: 2

Cvelist
added 2025/09/25 12:00 a.m. | 6 views

CVE-2025-26278

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

EPSS 0.00145
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:05 a.m. | 1 view

SUSE CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file...

CVSS 8.8 | AI score 7.8 | EPSS 0.02512
Exploits: 0 | References: 3

CNVD
added 2017/06/09 12:00 a.m. | 1 view

libquicktime Denial of Service Vulnerability (CNVD-2017-11755)

libquicktime is a library for reading and writing files in quicktime, avi and mp4 formats. A security vulnerability exists in the 'quicktime_read_dref_table' function in the dref.c file in libquicktime version 1.2.4. A remote attacker can exploit this vulnerability to cause a denial of service heap...

CVSS 6.5 | AI score 7.2 | EPSS 0.02879
Exploits: 2 | References: 1

OSV
added 2016/06/16 6:59 p.m. | 0 views

DEBIAN-CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file...

CVSS 8.8 | AI score 8.9 | EPSS 0.02512
Exploits: 0 | References: 1

OSV
added 2016/06/16 6:59 p.m. | 0 views

UBUNTU-CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file...

CVSS 8.8 | AI score 7.6 | EPSS 0.02512
Exploits: 0 | References: 2

Talos
added 2016/01/08 12:00 a.m. | 26 views

Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0023: Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability. January 8, 2016. CVE Number: CVE-2015-7090. Description: There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size and type of a dat...

CVSS 6.8 | AI score 6.5 | EPSS 0.00571
Exploits: 0

Zero Day Initiative
added 2014/04/03 12:00 a.m. | 36 views

Apple QuickTime dref Atom Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.5 | AI score 6.5 | EPSS 0.03623
Exploits: 1 | References: 1

Prion
added 2014/02/27 1:55 a.m. | 20 views

Memory corruption

Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file...

CVSS 9.3 | AI score 8.1 | EPSS 0.03623
Exploits: 1 | References: 2 | Affected Software: 1

Zero Day Initiative
added 2013/05/30 12:00 a.m. | 27 views

Apple QuickTime dref Volume Name Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a...

CVSS 7.5 | AI score 4.9 | EPSS 0.81301
Exploits: 11 | References: 1