910 matches found
qs 代码问题漏洞
QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723
The CVE describes a bug in the qs library where tstringifying an object with arrayFormat: 'comma' and encodeValuesOnly: true fails if an array contains null or undefined. The failure is a synchronous TypeError caused by missing null guard in the encoding path: the code maps values with the encode...
CVE-2026-8723
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...
PT-2026-41469
Name of the Vulnerable Software and Affected Versions qs versions 6.11.1 through 6.15.1 Description The stringify function throws a TypeError when called with the options arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined elements. This occurs because the...
phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
GHSA-H36G-93QX-RXGR phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
CVE-2026-46363 phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQADD permission to inject malicious script tags via question or answer...
Linux Distros Unpatched Vulnerability : CVE-2026-44636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation si...
PT-2026-41032
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel encode highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel encode entry point validates only that width and height are greater...
CLSA-2026-1778670864 php: Fix of CVE-2026-6735
CVE-2026-6735: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c to fix XSS in PHP-FPM status endpoint...
GHSA-75PX-5XX7-5XC7 protobuf.js: Code generation gadget after prototype pollution
Summary protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type...
PT-2026-40540
Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs generates JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped befor...
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...
CVE-2026-43235
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...
JLSEC-2026-440
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...
Astra Linux - уязвимость в python-idna
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function’s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/notify: call exportfsencodefid with sumount Calling intotifyshowfdinfo on fd watching an overlayfs inode, while the overlayfs is being unmounted, can lead to dereferencing NULL ptr. This issue was found by syzkaller. Race...