Lucene search
K

79 matches found

EUVD
EUVD
added 2026/01/15 6:59 p.m.7 views

EUVD-2026-2680

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.2AI score0.0057EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/15 6:53 p.m.3 views

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.3AI score0.0057EPSS
Exploits0References3
OSV
OSV
added 2026/01/15 6:53 p.m.5 views

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References10
EUVD
EUVD
added 2026/01/15 6:53 p.m.9 views

EUVD-2026-2790

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.2AI score0.0057EPSS
Exploits0References5
CVE
CVE
added 2026/01/15 6:53 p.m.17 views

CVE-2026-22774

CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...

7.5CVSS6.4AI score0.0057EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/01/15 6:10 p.m.4 views

Asymmetric Resource Consumption (Amplification)

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification due to the improper ArrayBuffer type validation in the...

8.7CVSS6.8AI score0.0057EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 6:10 p.m.2 views

GHSA-VW5P-8CQ8-M7MV Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/01/15 6:10 p.m.12 views

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...

7.5CVSS6.8AI score0.0057EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3092

Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.3.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service in systems that parse input from untrusted...

7.5CVSS5.8AI score0.0057EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.10 views

Svelte security vulnerabilities

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.3.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the type array hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...

7.5CVSS5.8AI score0.0057EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.10 views

Svelte security vulnerabilities

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...

7.5CVSS5.8AI score0.0057EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3102

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

5.3CVSS6.6AI score0.00301EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Svelte cross-site scripting vulnerabilities

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.46.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML safe escaping during the asynchronous hydration process, allowing attackers to...

6.1CVSS5.8AI score0.00301EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/17 6:42 p.m.5 views

Arbitrary Code Injection

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...

9.8CVSS7.8AI score0.95376EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2025/07/17 6:16 p.m.31 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

9.8CVSS7.6AI score0.95376EPSS
Exploits5References4Affected Software1
The Hacker News
The Hacker News
added 2025/04/24 2:11 p.m.33 views

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to ...

7.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/08/05 7:48 p.m.10 views

@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)

@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...

8.8CVSS7.4AI score0.01143EPSS
Exploits2
Veracode
Veracode
added 2024/01/31 7:21 a.m.15 views

Cross Site Scripting (XSS)

@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental preforms...

8.2CVSS6.2AI score0.00385EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2023/06/13 6:30 p.m.5 views

@neutron.co.id/pemasaran-modules (>=1.1.1-beta.3 <=1.4.0), nuxt-hydration (>=0.0.1 <=0.1.0) potentially affected by CVE-2023-3224 via nuxt (=3.4.2)

nuxt NPM version =3.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on nuxt and may be impacted: - @neutron.co.id/pemasaran-modules =1.1.1-beta.3, =0.0.1, =0.1.0 Source cves: CVE-2023-3224 Source advisory: OSV:GHSA-GC34-5V43-H7V8...

9.8CVSS7.4AI score0.58648EPSS
Exploits2
Rows per page
Query Builder