EUVD-2026-21729

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

Warm-Flow 代码注入漏洞

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

UBUNTU-CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees ASTs. An attacker can crash...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees ASTs. An attacker can crash...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees ASTs. An attacker can crash...

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

UBUNTU-CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the swftools/src/swfc.c:2587 page that fails to correctly validate the length of the input data, and can be...

SWFTools 安全漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A buffer overflow vulnerability exists in SWFTools version 0.9.2, which stems from the parseExpression method on the src/swfc.c:2602 page that fails to properly validate the length of the input data, and can be exploited...

SUSE CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

SUSE CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

DEBIAN-CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

DEBIAN-CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

AZL-35396 CVE-2023-29582 affecting package yasm 1.3.0-17

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

UBUNTU-CVE-2023-29583

DISPUTED yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...