Lucene search
203 matches found

Positive Technologies
added 2022/11/08 12:0 a.m. · 4 views

PT-2022-27179 · Picoc · Picoc

Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall, which can lead to a potential issue. Recommendations: For PicoC version 3.2....

5.5 CVSS · 5.5 AI score · 0.00312 EPSS
Exploits 1 · References 5
Positive Technologies
added 2022/11/06 12:0 a.m. · 2 views

PT-2022-36752 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurred in the mg mqtt parse function, as indicated by the cras...

6.9 AI score
Exploits 0 · References 2
Github Security Blog
added 2022/10/01 12:0 a.m. · 29 views

css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service ReDoS due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.4 AI score · 0.01421 EPSS
Exploits 1 · References 7 · Affected Software 1
OSV
added 2022/10/01 12:0 a.m. · 24 views

GHSA-P28H-CC7Q-C4FG css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service ReDoS due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.3 AI score · 0.01421 EPSS
Exploits 1 · References 7
OSV
added 2022/09/30 5:15 a.m. · 19 views

CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 3
OSV
added 2022/09/30 5:15 a.m. · 0 views

UBUNTU-CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 5.8 AI score · 0.01421 EPSS
Exploits 1 · References 5
Cvelist
added 2022/09/30 5:5 a.m. · 33 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

5.3 CVSS · 7.5 AI score · 0.01421 EPSS
Exploits 1 · References 3
Debian CVE
added 2022/09/30 5:5 a.m. · 28 views

CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.4 AI score · 0.01421 EPSS
Exploits 1
UbuntuCve
added 2022/09/30 12:0 a.m. · 29 views

CVE-2022-21222

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.1 AI score · 0.01421 EPSS
Exploits 1 · References 4
Positive Technologies
added 2022/09/13 12:0 a.m. · 3 views

PT-2022-14610 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a function called nla parse, which fails to check the length of a parameter, allowing userspace to control nla type. This can lead to out-of-bounds OOB acce...

9.8 CVSS · 9.2 AI score · 0.0035 EPSS
Exploits 0 · References 2
Veracode
added 2022/08/16 7:53 a.m. · 27 views

Remote Code Execution

react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in onSubmitValueParser prop which calls parse function in src/utils/parse.js because of missing sanitization of the parse parameters which allows a remote attacker to inject and execute malicious code into th...

10 CVSS · 9.2 AI score · 0.01209 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2022/08/04 12:0 a.m. · 3 views

Crow security vulnerability

Crow is a C++ microframework for running web services. A security vulnerability exists in Crow v1.0+4, which stems from a buffer overflow discovered via the qsparse function. An attacker could exploit this vulnerability to cause a Denial of Service DoS via specially crafted input...

9.8 CVSS · 8.6 AI score · 0.02796 EPSS
Exploits 1 · References 5
Veracode
added 2022/07/26 5:9 a.m. · 19 views

Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in parse function in index.ts and parse.ts due to lack of validations which allows an attacker to send malicious INI files on the application to cause a pollution on prototype...

9.8 CVSS · 8.7 AI score · 0.00965 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/07/26 12:1 a.m. · 4 views

GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 5.9 AI score · 0.00772 EPSS
Exploits 1 · References 2
OSV
added 2022/07/01 8:11 p.m. · 32 views

GO-2022-0192 Incorrect parsing of nested templates in golang.org/x/net/html

The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input ""...

7.5 CVSS · 7.4 AI score · 0.0281 EPSS
Exploits 1 · References 3
OSV
added 2022/06/02 2:15 p.m. · 2 views

CVE-2021-42196

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traitsparse located in abc.c. It allows an attacker to cause Denial of Service...

5.5 CVSS · 5.8 AI score · 0.00663 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/04/25 12:0 a.m. · 3 views

PT-2022-13915 · FFmpeg +3 · Ffmpeg +3

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 4.4.2 FFmpeg versions prior to 5.0.1 Description: An integer overflow issue was discovered in the g729 parse function located in libavcodec/g729 parser.c when handling a specially crafted file. This issue can be...

9.8 CVSS · 6.5 AI score · 0.0269 EPSS
Exploits 30 · References 149
Veracode
added 2022/03/23 4:59 a.m. · 23 views

Prototype Pollution

simple-plist is vulnerable to prototype pollution. The vulnerability exists because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes via .parse function...

9.8 CVSS · 4.2 AI score · 0.01295 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/03/23 12:0 a.m. · 21 views

GHSA-GFF7-G5R8-MG8M Prototype Pollution in simple-plist

simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse...

9.8 CVSS · 9.5 AI score · 0.01295 EPSS
Exploits 1 · References 5
Veracode
added 2021/12/23 9:44 a.m. · 12 views

Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...

8.7 CVSS · 4.8 AI score · 0.00824 EPSS
Exploits 0 · References 3 · Affected Software 1