EUVD-2025-31408

Malicious code in bioql PyPI...

EUVD-2023-2072

Malicious code in bioql PyPI...

GHSA-FMJH-F678-CV3X github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

libtpms: Libtpms Out-of-Bounds Read Vulnerability

A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...

Linux Distros Unpatched Vulnerability : CVE-2023-46566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the...

CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file...

CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...

GHSA-X4C5-C7RF-JJGV @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...

@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...

AZL-54557 CVE-2024-45338 affecting package telegraf for versions less than 1.29.4-10

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54534 CVE-2024-45338 affecting package helm for versions less than 3.14.2-5

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54562 CVE-2024-45338 affecting package keda for versions less than 2.4.0-25

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54498 CVE-2024-45338 affecting package cert-manager for versions less than 1.11.2-17

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

GStreamer 缓冲区错误漏洞

GStreamer is the GStreamer open source set of frameworks for processing streaming media. GStreamer suffers from a buffer error vulnerability that stems from an out-of-bounds write vulnerability found in the gstssaparseremoveoverridecodes function in the gstssaparse.c file...

ROS-20241203-01

The Go programming language vulnerability is related to errors in processing special characters "" in the in the context of CSS. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the Parse function of the Golang programming...

sqlparse: parsing heavily nested list leads to denial of service

A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...