11563 matches found
CVE-2025-11014
CVE-2025-11014 affects OGRECave OGRE up to 14.4.1, specifically the function STBIImageCodec::encode in OgreSTBICodec.cpp under the Image Handler. The issue is a heap-based buffer overflow, exploitable via local access, with an exploit publicly released. Several connected sources (Snyk entries and...
CVE-2025-57329
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
MAL-2025-47661 Malicious code in example-custom-cart-method (npm)
--- -= Per source details. Do not edit below this line.=-...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862). CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356). CVE-2025-38181: calipso: Fix...
PT-2025-39389
Name of the Vulnerable Software and Affected Versions: cors-anywhere (affected versions not specified). Description: Instances of cors-anywhere configured as an open proxy permit unauthenticated external users to initiate HTTP requests to arbitrary targets, leading to Server-Side Request Forgery (SSRF)...
CVE-2025-56769
CVE-2025-56769 affects chinabugotech Hutool (hutool/hutool-extra) prior to version 5.8.4 (and related advisories mention 5.8.40) due to insecure handling in the QLExpressEngine. The issue lets an attacker craft expressions that cause arbitrary method invocation, enabling potential remote code e...
GHSA-2J4C-9QQQ-896R web3-core-method is vulnerable to prototype pollution
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6581 more potentially affected by CVE-2025-57329 via web3-core-method (>=1.0.0-beta.52 <=3.0.0-rc.5)
web3-core-method NPM version =1.0.0-beta.52, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57329 Source advisory: SNYK:JS-WEB3COREMETHOD-13110028...
web3-core-method is vulnerable to prototype pollution
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
0x-relayer-cat (>=0.0.3 <=0.0.10), @1-dao-protocol/juice-contracts-v3 (>=3.1.3 <=3.1.4) +1438 more potentially affected by CVE-2025-57329 via web3-core-method (>=1.0.0-beta.52 <=1.10.3)
web3-core-method NPM version =1.0.0-beta.52, =0.0.3, =3.1.3, =1.0.2, =2.0.3, =1.14.5, =1.0.7, =0.1.0, =10.4.0, =9.0.0, =9.2.0 - @acentswap/aceswap-sdk =9.0.0 and more Source cves: CVE-2025-57329 Source advisory: OSV:GHSA-2J4C-9QQQ-896R...
CVE-2025-57329
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVE-2025-59433
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
cups: Authentication Bypass in CUPS Authorization Handling
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...
PT-2025-39328
Name of the Vulnerable Software and Affected Versions: web3-core-method versions 1.10.4 and earlier. Description: A Prototype Pollution issue exists in the attachToObject function of web3-core-method. Attackers can inject properties onto Object.prototype by providing a crafted payload. This can lead...
CVE-2025-57329
web3-core-method is a package designed to create the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVE-2025-57329
CVE-2025-57329 affects the JavaScript package web3-core-method (attachToObject) up to version 1.10.4. A prototype pollution flaw allows an attacker-supplied payload to inject properties into Object.prototype, potentially causing a denial of service (DoS) as the minimum consequence. Public referen...
U.S. Dept Of Defense: Cross-Site Scripting via URL on ███████
A Cross-Site Scripting (XSS) vulnerability was discovered on an official domain from the Department of Defense. The vulnerability could be exploited through the GET method, allowing an attacker to inject malicious scripts that could potentially be executed. No further details were provided...