CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

946 matches found

Tenable Nessus•added 2026/01/07 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-67858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impac...

7CVSS5.8AI score0.00043EPSS

Exploits0References2

Veracode•added 2026/01/02 1:36 p.m.•4 views

Improper Input Validation

qs is vulnerable to Improper Input Validation. The vulnerability is due to the arrayLimit option not being enforced for bracket notation parameters during query parsing, which allows an attacker to supply a large number of array elements and cause memory exhaustion via crafted HTTP requests...

6.3CVSS6.5AI score0.0004EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2025/12/31 5:42 p.m.•2 views

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

8.7CVSS5.9AI score0.0004EPSS

Exploits1References5

Patchstack•added 2025/12/31 12:0 a.m.•2 views

WordPress ABC Notation plugin <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ABC Notation versions = 6.1.3...

6.4CVSS5.3AI score0.00215EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2025/12/30 9:2 p.m.•8 views

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario...

6.3CVSS7.2AI score0.0004EPSS

Exploits1References4Affected Software1

OSV•added 2025/12/30 9:2 p.m.•1 views

GHSA-6RW7-VPXM-498P qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion

6.3CVSS6.9AI score0.0004EPSS

Exploits1References4

EUVD•added 2025/12/30 9:2 p.m.•1 views

EUVD-2025-205660

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion...

8.7CVSS6.4AI score0.0004EPSS

Exploits1References3

Snyk•added 2025/12/30 12:1 a.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An attacker can exhaust...

8.7CVSS6.9AI score0.0004EPSS

Exploits1References2

Snyk•added 2025/12/30 12:1 a.m.•1 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An...

8.7CVSS6.3AI score0.0004EPSS

Exploits1References2

Tenable Nessus•added 2025/12/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-15284

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...

6.3CVSS6.7AI score0.0004EPSS

Exploits1References3

OSV•added 2025/12/29 11:15 p.m.•0 views

AZL-73319 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-5

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS6.6AI score0.0004EPSS

Exploits1References1

OSV•added 2025/12/29 11:15 p.m.•1 views

CVE-2025-15284

6.3CVSS5.9AI score

Exploits0References2

OSV•added 2025/12/29 11:15 p.m.•0 views

AZL-73359 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-4

6.3CVSS6.6AI score0.0004EPSS

Exploits1References1

NVD•added 2025/12/29 11:15 p.m.•2 views

CVE-2025-15284

6.3CVSS0.0004EPSS

Exploits1References2

OSV•added 2025/12/29 11:15 p.m.•0 views

AZL-73353 CVE-2025-15284 affecting package js-jquery 3.5.0-4

6.3CVSS6.6AI score0.0004EPSS

Exploits1References1

OSV•added 2025/12/29 11:15 p.m.•1 views

DEBIAN-CVE-2025-15284

6.3CVSS6.2AI score0.0004EPSS

Exploits1References1

OSV•added 2025/12/29 11:15 p.m.•0 views

AZL-73316 CVE-2025-15284 affecting package js-jquery 3.5.0-4

6.3CVSS6.1AI score0.0004EPSS

Exploits1References1

OSV•added 2025/12/29 11:15 p.m.•0 views

UBUNTU-CVE-2025-15284

6.3CVSS6.5AI score0.0004EPSS

Exploits1References5

UbuntuCve•added 2025/12/29 11:15 p.m.•1 views

CVE-2025-15284

6.3CVSS6.4AI score0.0004EPSS

Exploits1References4

ATTACKERKB•added 2025/12/29 10:56 p.m.•2 views

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across all...

6.3CVSS5.5AI score0.0004EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by