6717 matches found
PT-2026-21838
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only use...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
SUSE-SU-2026:0618-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict() (bsc#1257173)...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Server-Side Request Forgery (SSRF)
Parse Server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict() function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
AZL-78273 CVE-2026-2903 affecting package re2c 3.1-4
A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...
CVE-2026-2903
A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...
DEBIAN-CVE-2026-2903
A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...
CVE-2026-2876
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-2876
CVE-2026-2876 details (Tenda A18): Affects Tenda A18 firmware version 15.13.07.13. The vulnerability lies in the function parse_macfilter_rule within /goform/setBlackRule, where manipulating the argument deviceList triggers a stack-based buffer overflow. Reported impact indicates high risk to co...
CVE-2026-2876 Tenda A18 setBlackRule parse_macfilter_rule stack-based overflow
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed an...
CVE-2026-2876
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed an...
[SECURITY] [DLA 4487-1] gegl security update
Debian LTS Advisory DLA-4487-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 21, 2026 https://wiki.debian.org/LTS ...