26 matches found
CVE-2026-45302
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...
CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
EUVD-2026-32542
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...
DEBIAN-CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...
Prototype Pollution
Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...
PT-2023-27150 · Unknown +1 · Routinator +1
Name of the Vulnerable Software and Affected Versions: Routinator versions up to and including 0.12.1 Description: The issue is caused by insufficient input checking in the bcder library, which may lead to a crash when trying to parse certain malformed RPKI objects. Recommendations: For versions ...
CVE-2023-28096
OpenSIPS vulnerability CVE-2023-28096 involves a memory leak in the OpenSIPS 2.3 branch and older than 3.1.8 and 3.2.5 caused by parsing requests (notably via the MI - management interface). The leak was detected in parse_mi_request under fuzzing and can lead to memory exhaustion if the MI is exp...
dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process
A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...
CVE-2022-25641
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...
CVE-2022-25641
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...
A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are...
The vulnerability of the Siemens Solid Edge Viewer application, a tool set for design and simulation with Siemens Solid Edge, allows a malicious actor to execute arbitrary code.
The vulnerability of the Siemens Solid Edge Viewer application, a tool for design and simulation, is related to the use of memory after it is freed during OBJ file syntax analysis. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created malicio...
CVE-2021-41535
A vulnerability has been identified in NX 1953 Series All versions V1973.3700, NX 1980 Series All versions V1988, Solid Edge SE2021 All versions SE2021MP8. The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to...
Siemens Solid Edge 资源管理错误漏洞
Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. versions prior to Siemens Solid Edge SE2021MP8 contain a post-release reuse vulnerability when parsing OBJ files. An attacker could exploit this vulnerability to execute code in the context of the curre...
Microsoft Office Excel OLE Object Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
Microsoft Edge - Chakra Incorrectly Parses Object Patterns
function f a: b = 0x1111, c = 0x2222, .c = 0x3333 = ; f;...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-37.3.1 - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. David Howells Orabug: 23279022 CVE-2016-0758 - uek-rpm: ol6: revert DRM for experimental or OL6-incompatible drivers Todd Vierling Orabug: 23270829 - unix: properly account for FDs passed over un...