26 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. · 10 views

CVE-2026-45302

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

CVSS 8.2 · AI score 5.4 · EPSS 0.00315
Exploits: 0 · References: 1
Vulnrichment
added 2026/05/27 2:54 p.m. · 7 views

CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVSS 7 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 1
EUVD
added 2026/05/27 2:54 p.m. · 18 views

EUVD-2026-32542

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVSS 7 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 1
Snyk
added 2026/05/11 2:48 p.m. · 9 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

CVSS 7.5 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 2
OSV
added 2026/03/20 11:16 p.m. · 3 views

DEBIAN-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVSS 9.8 · AI score 5.8 · EPSS 0.00704
Exploits: 1 · References: 1
RedHat Linux
added 2026/03/09 9:38 a.m. · 14 views

kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence, when deciding the next...

CVSS 7.8 · AI score 6.8 · EPSS 0.00239
Exploits: 0 · References: 5
Veracode
added 2024/04/24 5:8 a.m. · 14 views

Prototype Pollution

Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...

CVSS 8.6 · AI score 6.9 · EPSS 0.00725
Exploits: 0 · References: 4 · Affected Software: 3
Github Security Blog
added 2024/04/23 9:15 p.m. · 36 views

Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...

CVSS 8.6 · AI score 8.5 · EPSS 0.00725
Exploits: 0 · References: 6 · Affected Software: 3
Positive Technologies
added 2023/09/13 12:0 a.m. · 4 views

PT-2023-27150 · Unknown +1 · Routinator +1

Name of the Vulnerable Software and Affected Versions: Routinator versions up to and including 0.12.1 Description: The issue is caused by insufficient input checking in the bcder library, which may lead to a crash when trying to parse certain malformed RPKI objects. Recommendations: For versions ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00515
Exploits: 0 · References: 6
CVE
added 2023/03/15 9:52 p.m. · 55 views

CVE-2023-28096

OpenSIPS vulnerability CVE-2023-28096 involves a memory leak in the OpenSIPS 2.3 branch and older than 3.1.8 and 3.2.5 caused by parsing requests (notably via the MI - management interface). The leak was detected in parse_mi_request under fuzzing and can lead to memory exhaustion if the MI is exp...

CVSS 7.5 · AI score 6 · EPSS 0.00767
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux
added 2023/01/11 4:48 p.m. · 4 views

dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

CVSS 7.5 · AI score 5.8 · EPSS 0.0274
Exploits: 0 · References: 5
NVD
added 2022/08/29 5:15 a.m. · 32 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

CVSS 5.5 · EPSS 0.0019
Exploits: 0 · References: 1
Cvelist
added 2022/08/29 4:53 a.m. · 26 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

AI score 6.4 · EPSS 0.0019
Exploits: 0 · References: 1
Github Security Blog
added 2022/01/07 10:31 p.m. · 69 views

A potential Denial of Service issue in protobuf-java

Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs (including Kotlin and JRuby) prior to the versions listed below. Protobuf "javalite" users (typically Android) are...

CVSS 7.5 · AI score 2.2 · EPSS 0.01655
Exploits: 1 · References: 8 · Affected Software: 3
BDU FSTEC
added 2021/10/13 12:0 a.m. · 5 views

The vulnerability of the Siemens Solid Edge Viewer application, a tool set for design and simulation with Siemens Solid Edge, allows a malicious actor to execute arbitrary code.

The vulnerability of the Siemens Solid Edge Viewer application, a tool for design and simulation, is related to the use of memory after it is freed during OBJ file syntax analysis. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created malicio...

CVSS 8.8 · AI score 7.6 · EPSS 0.01122
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2021/09/28 12:15 p.m. · 3 views

CVE-2021-41535

A vulnerability has been identified in NX 1953 Series All versions V1973.3700, NX 1980 Series All versions V1988, Solid Edge SE2021 All versions SE2021MP8. The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to...

CVSS 7.8 · AI score 5.9 · EPSS 0.01517
Exploits: 0 · References: 3
CNNVD
added 2021/09/28 12:0 a.m. · 2 views

Siemens Solid Edge Resource Management Error Vulnerability

Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. Versions prior to Siemens Solid Edge SE2021MP8 contain a use-after-free vulnerability when parsing OBJ files. An attacker could exploit this vulnerability to execute code in the context of the curre...

CVSS 7.8 · AI score 7.7 · EPSS 0.01122
Exploits: 0 · References: 7
Zero Day Initiative
added 2019/07/10 12:0 a.m. · 40 views

Microsoft Office Excel OLE Object Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 7.8 · AI score 5 · EPSS 0.1316
Exploits: 0 · References: 1
Exploit DB
added 2017/09/21 12:0 a.m. · 25 views

Microsoft Edge - Chakra Incorrectly Parses Object Patterns

function f a: b = 0x1111, c = 0x2222, .c = 0x3333 = ; f;...

AI score 7.4
Exploits: 0
Oracle linux
added 2016/05/16 12:0 a.m. · 79 views

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-37.3.1 - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. David Howells Orabug: 23279022 CVE-2016-0758 - uek-rpm: ol6: revert DRM for experimental or OL6-incompatible drivers Todd Vierling Orabug: 23270829 - unix: properly account for FDs passed over un...

CVSS 7.2 · AI score 2.1 · EPSS 0.006
Exploits: 0