194 matches found
CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the reattr variable of index.js. Exploitation of this vulnerability could be triggered via the parse function...
PT-2022-14610 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue is related to a function called nla_parse, which fails to check the length of a parameter, allowing userspace to control nla_type. This can lead to out-of-bounds (OOB) acce...
Remote Code Execution
react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in the onSubmitValueParser prop, which calls the parse function in src/utils/parse.js; because the parse parameters are not sanitized, a remote attacker can inject and execute malicious code into th...
Crow Security Vulnerability
Crow is a C++ microframework for running web services. A security vulnerability exists in Crow v1.0+4, which stems from a buffer overflow discovered via the qsparse function. An attacker could exploit this vulnerability to cause a Denial of Service (DoS) via specially crafted input...
Prototype Pollution
js-ini is vulnerable to prototype pollution. The vulnerability exists in the parse function in index.ts and parse.ts due to a lack of validation, which allows an attacker to send malicious INI files to the application and pollute the prototype...
GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with `parse`, they will pollute the prototype on the application. This can be exploited further depending on the context...
GO-2022-0192 Incorrect parsing of nested templates in golang.org/x/net/html
The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input ""...
CVE-2021-42196
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traitsparse located in abc.c. It allows an attacker to cause Denial of Service...
PT-2022-13915 · FFmpeg +3 · Ffmpeg +3
Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2; FFmpeg versions prior to 5.0.1. Description: An integer overflow issue was discovered in the g729_parse function located in libavcodec/g729_parser.c when handling a specially crafted file. This issue can be...
Prototype Pollution
simple-plist is vulnerable to prototype pollution. The vulnerability exists because validations are not handled properly, which allows an attacker to inject properties into existing construct prototypes and modify attributes via the .parse function...
GHSA-GFF7-G5R8-MG8M Prototype Pollution in simple-plist
simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse...
Cross-site Scripting (XSS)
ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to a lack of input validation in the parse function of AjaxPro/core.js when parsing JSON input, which allows a malicious attacker to inject and execute arbitrary JavaScript...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...
Design/Logic Flaw
The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...
Swftools Code Issue Vulnerability
SWFTools is a suite of open source software tools for creating and manipulating SWF files. A NULL pointer dereference vulnerability exists in the codeparse function in SWFTools code.c. An attacker could exploit this vulnerability to cause a denial of service...