Lucene search

38 matches found

Vulnrichment
added 2026/06/12 1:56 p.m. · 7 views

CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8 CVSS · 5.6 AI score · 0.0032 EPSS
Exploits: 0 · References: 1
AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux – Vulnerability in node-es5-ext

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. This vulnerability has been fixed in v0.10.63...

5.5 CVSS · 6.1 AI score · 0.00535 EPSS
Exploits: 1 · References: 2
NVD
added 2026/02/12 11:16 p.m. · 7 views

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6 CVSS · 0.00172 EPSS
Exploits: 0 · References: 4
OSV
added 2026/02/12 11:16 p.m. · 6 views

DEBIAN-CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6 CVSS · 5.4 AI score · 0.00172 EPSS
Exploits: 0 · References: 1
OSV
added 2026/02/12 11:16 p.m. · 5 views

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6 CVSS · 6 AI score
Exploits: 0 · References: 4
ATTACKERKB
added 2026/02/12 10:48 p.m. · 8 views

CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6 CVSS · 6 AI score · 0.00172 EPSS
Exploits: 0 · References: 5
Cvelist
added 2026/02/12 10:48 p.m. · 28 views

CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6 CVSS · 0.00172 EPSS
Exploits: 0 · References: 4
Snyk
added 2025/11/13 10:22 p.m. · 1 views

Uncontrolled Search Path Element

Overview: software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services (AWS) Advanced JDBC Wrapper. Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker...

8.6 CVSS · 7.7 AI score · 0.00373 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-0845

Malicious code in bioql PyPI...

9 CVSS · 8.8 AI score · 0.01188 EPSS
Exploits: 0 · References: 7
CNNVD
added 2025/07/25 12:0 a.m. · 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a runtime warning in the truncate_folio_batch_exceptionals function...

7.8 CVSS · 6.2 AI score · 0.00144 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2025/02/27 3:12 a.m. · 2 views

SUSE CVE-2022-49100

In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit. Eliminate anonymous module_init and module_exit, which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcall_debug log. Give each of...

5.5 CVSS · 7.6 AI score · 0.0024 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2024/03/19 12:0 a.m. · 7 views

PT-2024-22680 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.5 and 7.0.0-alpha.29 Description: The issue arises when an invalid Parse Server Cloud Function name or Cloud Job name is called, potentially leading to code injection, internal store manipulation, or remote...

9 CVSS · 8 AI score · 0.01188 EPSS
Exploits: 0 · References: 14
CNNVD
added 2024/02/26 12:0 a.m. · 3 views

es5-ext Security Vulnerability

es5-ext is an ECMAScript extension from the individual developer Mariusz Nowak. A security vulnerability exists in es5-ext prior to v0.10.63, which stems from the use of functions with very long names or complex default parameter names that may cause the script to halt...

5.5 CVSS · 6.8 AI score · 0.00535 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2023/12/09 12:0 a.m. · 4 views

PT-2023-35633 · Git +1 · Harfbuzz

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue has been identified, potentially causing a crash. The crash type is specified as Heap-buffer-overflow READ 2. The crash...

7 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/26 12:0 a.m. · 3 views

PT-2023-17141 · Iobit · Iobit Malware Fighter

Name of the Vulnerable Software and Affected Versions: IObit Malware Fighter version 9.4.0.776 Description: A vulnerability has been found in the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler, leading to...

5.5 CVSS · 7 AI score · 0.0033 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/02/25 12:0 a.m. · 1 views

PT-2023-35545 · Git +1 · Wolfssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include the crash type and state, with specific function names such as...

6.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2022/09/27 12:0 a.m. · 1 views

PT-2022-37308 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-double-free crash. Technical details about the crash include the function names sc_pkcs15_encode_df, sc_pkcs15init_update...

6.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2022/09/11 12:0 a.m. · 3 views

PT-2022-37271 · Git +1 · Wasm3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash has been reported. The crash state includes functions such as AcquireCodePageWithCapacity, CompileElseBlock, and Compi...

7 AI score
Exploits: 0 · References: 2
OSV
added 2022/09/10 12:0 a.m. · 20 views

GHSA-5FFJ-MPH5-C5HV Appwrite Vulnerable to Cross-site Scripting

Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names...

5.4 CVSS · 5.3 AI score · 0.00663 EPSS
Exploits: 2 · References: 5
Github Security Blog
added 2022/09/10 12:0 a.m. · 25 views

Appwrite Vulnerable to Cross-site Scripting

Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names...

9 CVSS · 6 AI score · 0.00663 EPSS
Exploits: 2 · References: 5 · Affected Software: 1