1075 matches found
SUSE CVE-2025-59044
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name the default configuration. Because Microsoft Entra ID allows multiple groups with the same...
NVIDIA CUDA toolkit and NVIDIA nvJPEG numeric error vulnerability
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. nVIDIA nvJPEG is an image codec library. A numeric error vulnerability exists in NVIDIA CUDA toolkit and NVIDIA nvJPEG, which arises from a divide-by-zero error in the...
NVIDIA CUDA toolkit 数字错误漏洞
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. nVIDIA nvJPEG is an image codec library. A numeric error vulnerability exists in NVIDIA CUDA toolkit and NVIDIA nvJPEG, which arises from a divide-by-zero error in the...
Prototype Pollution
devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a proto property to assign prototypes to objects and properties...
CVE-2025-6051
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library’s EnglishNormalizer.normalizenumbers method of the CLVP model. Maliciously crafted long numeric strings cause excessive CPU usage due to inefficient regex processing, leading to...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.52.4 and earlier, which stems from the mishandling of numeric strings in the normalizenumbers method...
PT-2025-37422
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the normalize numbers method of the EnglishNormalizer class. This issue arises from the method's handling of...
CVE-2025-8417
CVE-2025-8417 affects the WordPress plugin Catalog Importer, Scraper & Crawler (versions
Linux Distros Unpatched Vulnerability : CVE-2017-16872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message like cseq, ttl, port,...
Incorrect Conversion between Numeric Types
Overview Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types via the TTL function, which casts the 64-bit etcd lease ID to a uint32 and uses it as the TTL. An attacker can cause prolonged caching of DNS records and disrupt DNS resolution by supplying lar...
Himmelblau 安全漏洞
Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. A security vulnerability exists in Himmelblau versions 0.9.0 to 0.9.22, which stems from the derivation of a numeric GID from a group display name, which could lead to authorization bypass...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
...
Linux Distros Unpatched Vulnerability : CVE-2021-45927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MDB Tools aka mdbtools 0.9.2 has a stack-based buffer overflow at 0x7ffd6e029ee0 in mdbnumerictostring called from mdbxferbounddata and mdbattemptbind...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2023-39357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. A defect in the sqlsave function was discovered. When the column type is numeric,...
CVE-2025-57820
CVE-2025-57820 affects the JavaScript library devalue (used with Svelte). Prior to version 5.3.2, parsing payloads with devalue.parse could allow a proto property and non-numeric indices to be treated in dangerous ways, enabling prototype pollution on objects via the prototype chain. The issue is...
CVE-2025-57820 Svelte devalue vulnerable to prototype pollution
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...
Denial Of Service (DoS)
github.com/gofiber/fiber is vulnerable to Denial of Service DoS. The vulnerability is due to improper input validation when parsing form data with excessively large numeric slice indexes, leading to integer overflow or memory exhaustion and application crash...
ROS-20250825-06
A vulnerability in the Aggregate Term Handler component of the SQLite database management system is related to errors in the numeric truncation errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of the SQLit...