PT-2025-39330

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 2.3.0 Description The messageformat package, a JavaScript implementation of the Unicode MessageFormat 2 specification, contains a flaw related to improper handling of message key paths. This can lead to prototyp...

PT-2025-39317

Name of the Vulnerable Software and Affected Versions messageformat versions prior to 3.0.1 Description The Runtime components of the messageformat package for Node.js are susceptible to a prototype pollution issue. Insufficient validation of nested message keys during message data processing...

PT-2025-39315

Name of the Vulnerable Software and Affected Versions csvtojson versions prior to 2.0.10 Description The csvtojson package has a flaw due to inadequate sanitization of nested header names during parsing. Processing CSV input with crafted header fields referencing prototype chains like using proto...

CVE-2025-57353

CVE-2025-57353 affects the Runtime components of the Node.js messageformat package (versions before 3.0.2). The issue is a prototype pollution vulnerability caused by insufficient validation of nested message keys during processing, allowing an attacker to modify Object.prototype and inject arbit...

messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 2.3.0 that stems from improper handling of nested message keys containing special characters, which could lead to...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

CVE-2025-57350

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...

CVE-2025-57319

CVE-2025-57319 corresponds to a Prototype Pollution in the nestedRestore function of the fast-redact package (versions up to 3.5.0). The IBM security entries confirm multiple advisories stating this vulnerability can enable DoS by polluting Object.prototype, with the Supplier dispute noted in the...

CVE-2025-57319

fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS ...

CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special character...

messageformat 安全漏洞

messageformat is a messageformat open source ICU message format and Unicode message format library for Javascript. A security vulnerability exists in messageformat versions prior to 3.0.1, which stems from insufficient validation of nested message keys and could lead to a prototype pollution atta...

Denial Of Service (DoS)

llamaindexcore is vulnerable to Denial of Service DoS. The vulnerability is due to uncontrolled recursion when parsing deeply nested JSON files, which allows an attacker to cause high resource consumption and potential crashes of the Python process...

CVE-2023-53369

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

UBUNTU-CVE-2023-53369

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

CVE-2023-53369 net: dcb: choose correct policy to parse DCB_ATTR_BCN

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

CVE-2023-53369 net: dcb: choose correct policy to parse DCB_ATTR_BCN

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

CVE-2023-53369

CVE-2023-53369 affects the Linux kernel’s DCB BCN parsing (net: dcb) where dcbnl_bcn_setcfg erroneously parsed tb[DCB_ATTR_BCN] attributes using the dcbnl_pfc_up_nest policy. This mismatch could cause parsing to overflow the intended policy bounds and read attributes (DCB_BCN_ATTR_BCNA_0..DCB_BCN...

Linux Distros Unpatched Vulnerability : CVE-2023-53208

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested...

SUSE CVE-2023-53208

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

CVE-2023-53208

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...