Lucene search
K

89 matches found

OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76992 CVE-2025-47911 affecting package influxdb 2.7.5-10

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.11 views

AZL-77096 CVE-2025-47911 affecting package sriov-network-device-plugin 3.7.0-4

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

AZL-76859 CVE-2025-47911 affecting package application-gateway-kubernetes-ingress 1.7.7-2

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 5:48 p.m.4 views

CVE-2025-58190 Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.5AI score0.00482EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

5.3CVSS7.3AI score0.00482EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/15 8:2 p.m.6 views

CVE-2026-22774

A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of servi...

7.5CVSS6.6AI score0.0057EPSS
Exploits0References6
NVD
NVD
added 2026/01/15 7:16 p.m.7 views

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS0.0057EPSS
Exploits0References8
EUVD
EUVD
added 2026/01/15 6:59 p.m.6 views

EUVD-2026-2680

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.2AI score0.0057EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/30 9:2 p.m.4 views

EUVD-2025-205660

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion...

8.7CVSS6.4AI score0.0041EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-15284

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...

6.3CVSS6.7AI score0.0041EPSS
Exploits1References3
CVE
CVE
added 2025/12/29 10:56 p.m.404 views

CVE-2025-15284

CVE-2025-15284 is a vulnerability in the qs library (parse modules) where the arrayLimit check does not apply to bracket notation (a[]=...) as in the vulnerable code path (lib/parse.js:159-162). The issue enables potential DoS via memory exhaustion by creating larger-than-expected arrays, though ...

6.3CVSS7.2AI score0.0041EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/29 10:56 p.m.25 views

CVE-2025-15284 arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS0.0041EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1748

Malware in sbrugna...

7.5CVSS6.9AI score0.02218EPSS
Exploits1References21
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0924

Malicious code in bioql PyPI...

6.5CVSS6.9AI score0.01535EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1097

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.02462EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-28385

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.20459EPSS
Exploits3References51
vulnersOsv
vulnersOsv
added 2025/09/24 9:30 p.m.7 views

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +367 more potentially affected by CVE-2025-57324 via parse (>=1.10.1 <=6.1.1)

parse NPM version =1.10.1, =0.0.1, =3.10.1, =1.1.3, =2.0.0, =1.0.0, =1.0.0, =1.0.5, =2.2.0, =0.0.7, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-57324 Source advisory: OSV:GHSA-9G8M-V378-PCG3...

6.5CVSS5.8AI score0.00326EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/24 9:30 p.m.6 views

parse is vulnerable to prototype pollution

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum...

6.5CVSS6.4AI score0.00326EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/09/24 12:0 a.m.13 views

CVE-2025-57324

The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...

6.5CVSS6.3AI score0.00326EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/24 12:0 a.m.2 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

6.3AI score0.00326EPSS
Exploits0References2
Rows per page
Query Builder