CVE-2026-44291
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup table...
CVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
EUVD-2022-29628
Malicious code in bioql PyPI...
golang: net: malformed DNS message can cause infinite loop
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions...
AZL-40480 CVE-2024-24788 affecting package golang for versions less than 1.22.3-1
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...
nodejs-handlebars: Remote code execution when compiling untrusted templates with compat:true option
A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the JavaScript environment (e.g., browser or server) when the template is compiled with the...
CVE-2022-31095
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...
Access control bypass
An issue was discovered in the route lookup process in beego through 2.0.1, which allows attackers to bypass access control...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Apache-Log4j-POC CVE-2021-44228 Proof of Concept of apache log...
BSA-2021-1655
Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...
AZL-78998 CVE-2021-33195 affecting package golang 1.25.7-1
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format...
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...
Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution
!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all versions - by manipulating the httpd config files to trick the...
PT-2016-1279 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Graphite 2 versions 1.2.4 and earlier; Mozilla Firefox versions prior to 43.0; Mozilla Firefox ESR versions 38.x prior to 38.6.1; Thunderbird (affected versions not specified). Description: The issue is related to the TtfUtil:LocaLookup function in...
Juniper ScreenOS 6.3 < 6.3.0r17 DNS Lookup DoS
The remote host is running a version of Juniper ScreenOS 6.3 prior to 6.3.0r17. It is, therefore, affected by a denial of service vulnerability. A denial of service flaw exists in the built-in DNS lookup client. The flaw could allow a remote attacker to cause the device to crash or reboot, and...