
16 matches found

ATTACKERKB
added 2026/03/06 7:23 a.m. | 2 views

CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVSS 7.5 | AI score 5.7 | EPSS 0.00085
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/02 10:36 a.m. | 22 views

CVE-2025-7105 Denial of Service via JavaScript Memory Overflow in danny-avila/librechat

A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in /api/convos/fork to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service...

CVSS 5.7 | EPSS 0.00016
Exploits: 0 | References: 2
Cvelist
added 2026/01/01 6:8 p.m. | 17 views

CVE-2025-68272 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

CVSS 7.5 | EPSS 0.00085
Exploits: 1 | References: 2
Tenable Nessus
added 2025/11/10 12:0 a.m. | 2 views

Microsoft Edge (Chromium) < 142.0.3595.66 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 142.0.3595.66. It is, therefore, affected by multiple vulnerabilities as referenced in the November 6, 2025 advisory. - Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote...

CVSS 8.8 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1632

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.1 | EPSS 0.00275
Exploits: 1 | References: 9
OSSF Malicious Packages
added 2025/06/10 3:3 a.m. | 3 views

Malicious code in javascript-heap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83e06344668ac9569d6453b98d15e492e35ad313b880f085c08f7600b977a837 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 3
RedhatCVE
added 2024/05/15 11:54 a.m. | 27 views

CVE-2024-4068

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

CVSS 7.5 | AI score 7.3 | EPSS 0.00275
Exploits: 1 | References: 6
OSV
added 2024/05/14 3:42 p.m. | 21 views

CVE-2024-4068

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

CVSS 7.5 | AI score 6.7 | EPSS 0.00275
Exploits: 1 | References: 5
UbuntuCve
added 2024/05/14 3:42 p.m. | 30 views

CVE-2024-4068

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

CVSS 7.5 | AI score 6.8 | EPSS 0.00275
Exploits: 1 | References: 4
Cvelist
added 2024/05/13 10:6 a.m. | 82 views

CVE-2024-4068 Memory Exhaustion in braces

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

CVSS 7.5 | AI score 7.7 | EPSS 0.00275
Exploits: 1 | References: 5
seebug.org
added 2017/03/20 12:0 a.m. | 70 views

Firefox Integer overflow leading to a buffer overflow in nsScriptLoadHandler (CVE-2016-9066)

This post will explore how CVE-2016-9066, a simple but quite interesting from an exploitation perspective vulnerability in Firefox, can be exploited to gain code execution. tl;dr an integer overflow in the code responsible for loading script tags leads to an out-of-bounds write past the end of an...

AI score 9.6 | EPSS 0.20609
Exploits: 3
Mozilla
added 2014/03/18 12:0 a.m. | 46 views

Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla

Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...

CVSS 9.3 | AI score 9.4 | EPSS 0.01605
Exploits: 1 | References: 2 | Affected Software: 4
seebug.org
added 2008/06/14 12:0 a.m. | 15 views

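Xunlei (Thunder) ActiveX Control Remote Code Execution Vulnerability

Xunlei is a download program based on P2SP technology that is very popular in China. For more details, see: http://www.xunlei.com A remote code execution vulnerability exists in an ActiveX control of Xunlei 5. A remote attacker can exploit it to execute arbitrary code on the victim's system with the privileges of the current browser, and can then install trojans and spyware. The vulnerability is in the "Put" function exported by the ActiveX control "DapCtrl.dll". The relevant information is as follows: InprocServer32: C:\Documents and Settings\All Users\Application Data\Thunder...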

AI score 7.1
Exploits: 0
Tenable Nessus
added 2007/10/17 12:0 a.m. | 31 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2090)

This security update brings Mozilla Firefox to version 1.5.0.7. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It fixes the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory corruption MFSA...

CVSS 10 | AI score 7 | EPSS 0.30757
Exploits: 2 | References: 9
0day.today
added 2007/07/10 12:0 a.m. | 16 views

Program Checker (sasatl.dll 1.5.0.531) Javascript Heap Spraying Exploit

Exploit for unknown platform in category remote exploits. Program Checker sasatl.dll 1.5.0.531 Javascript Heap Spraying Exploit :. GOODFELLAS Security...

AI score 7.1
Exploits: 0
securityvulns
added 2006/09/15 12:0 a.m. | 39 views

Fixed in Firefox 1.5.0.7

MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-62 Popup-blocker cross-site scripting XSS MFSA 2006-61 Frame spoofing using document.open MFSA 2006-60 RSA Signature Forgery MFSA 2006-59 Concurrency-related vulnerability MFSA 2006-58 Auto-Update compromise through DNS...

AI score 2.2
Exploits: 0