89 matches found
AZL-76992 CVE-2025-47911 affecting package influxdb 2.7.5-10
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77096 CVE-2025-47911 affecting package sriov-network-device-plugin 3.7.0-4
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76859 CVE-2025-47911 affecting package application-gateway-kubernetes-ingress 1.7.7-2
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2025-58190 Infinite parsing loop in golang.org/x/net
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...
CVE-2026-22774
A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of servi...
CVE-2026-22774
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
EUVD-2026-2680
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
EUVD-2025-205660
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion...
Linux Distros Unpatched Vulnerability : CVE-2025-15284
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...
CVE-2025-15284
CVE-2025-15284 is a vulnerability in the qs library (parse modules) where the arrayLimit check does not apply to bracket notation (a[]=...) as in the vulnerable code path (lib/parse.js:159-162). The issue enables potential DoS via memory exhaustion by creating larger-than-expected arrays, though ...
CVE-2025-15284 arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...
EUVD-2021-1748
Malware in sbrugna...
EUVD-2022-0924
Malicious code in bioql PyPI...
EUVD-2022-1097
Malicious code in bioql PyPI...
EUVD-2023-28385
Malicious code in bioql PyPI...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +367 more potentially affected by CVE-2025-57324 via parse (>=1.10.1 <=6.1.1)
parse NPM version =1.10.1, =0.0.1, =3.10.1, =1.1.3, =2.0.0, =1.0.0, =1.0.0, =1.0.5, =2.2.0, =0.0.7, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-57324 Source advisory: OSV:GHSA-9G8M-V378-PCG3...
parse is vulnerable to prototype pollution
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum...
CVE-2025-57324
The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...
CVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...