6865 matches found

Cvelist
added 2025/10/15 5:12 p.m. | 12 views

CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | EPSS 0.01006
Exploits: 0 | References: 2

OSV
added 2025/10/15 5:12 p.m. | 5 views

CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

CVSS 8.3 | AI score 8.1 | EPSS 0.01006
Exploits: 0 | References: 4

OSV
added 2025/10/15 5:11 p.m. | 2 views

CLSA-2025-1760548275 protobuf-c: Fix of CVE-2022-48468

CVE-2022-48468: fix unsigned integer overflow in parse_required_member...

CVSS 5.5 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1

EUVD
added 2025/10/15 9:30 a.m. | 2 views

EUVD-2025-34598

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 3

OSV
added 2025/10/15 8:15 a.m. | 1 views

DEBIAN-CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 5.3 | EPSS 0.00027
Exploits: 0 | References: 1

NVD
added 2025/10/15 8:15 a.m. | 6 views

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

EPSS 0.00027
Exploits: 0 | References: 2

OSV
added 2025/10/15 8:15 a.m. | 0 views

UBUNTU-CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 5.7 | EPSS 0.00027
Exploits: 0 | References: 5

Cvelist
added 2025/10/15 7:55 a.m. | 7 views

CVE-2025-39974 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

EPSS 0.00027
Exploits: 0 | References: 2

CVE
added 2025/10/15 7:55 a.m. | 6 views

CVE-2025-39974

CVE-2025-39974 concerns a slab-out-of-bounds bug in the Linux kernel’s tracing/osnoise subsystem. The vulnerability arises when configuring cpus via write() to /sys/kernel/debug/tracing/osnoise/cpus, triggering a KASAN fault in _parse_integer_limit due to missing terminator in the input parsed by...

AI score 6 | EPSS 0.00027
Exploits: 0 | References: 2

OSV
added 2025/10/15 7:55 a.m. | 3 views

CVE-2025-39974 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...

AI score 6.3 | EPSS 0.00027
Exploits: 0 | References: 5

EUVD
added 2025/10/15 1:23 a.m. | 1 views

EUVD-2017-18920

Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...

CVSS 9.2 | AI score 8 | EPSS 0.00977
Exploits: 0 | References: 4

OpenVAS
added 2025/10/15 12:0 a.m. | 1 views

Fedora: Security Advisory (FEDORA-2025-1ac08db27d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/15 12:0 a.m. | 2 views

Fedora 43 : mirrorlist-server / rust-maxminddb / rust-monitord-exporter / etc (2025-9e77f6ddcb)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-9e77f6ddcb advisory. - Update mirrorlist-server to version 3.0.8. - Update the maxminddb crate to version 0.26.0. - Update the prometheus crate to version 0.14.0. - Update the...

CVSS 5.9 | AI score 5.5 | EPSS 0.00175
Exploits: 0 | References: 2

CNNVD
added 2025/10/15 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds read in the _parse_integer_limit function, which could lead to memory corruption...

AI score 6.1 | EPSS 0.00027
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/15 12:0 a.m. | 1 views

PT-2025-44389

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the handling of Distributed File System (DFS) referrals within the SMB protocol. A malicious SMB server can send crafted responses to FSCTL DFS...

CVSS 4.6 | AI score 6.1 | EPSS 0.00061
Exploits: 0

Broadcom
added 2025/10/15 12:0 a.m. | 11 views

jwt-go allows excessive memory allocation during header parsing

golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...

CVSS 7.5 | AI score 6.9 | EPSS 0.00083
Exploits: 0

EUVD
added 2025/10/14 10:24 p.m. | 2 views

EUVD-2025-34458

Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...

CVSS 6.4 | AI score 6.4 | EPSS 0.00174
Exploits: 0 | References: 5

vulnersOsv
added 2025/10/14 10:24 p.m. | 2 views

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +367 more potentially affected by CVE-2025-62374 via parse (>=1.10.1 <=6.1.1)

parse NPM version =1.10.1, =0.0.1, =3.10.1, =1.1.3, =2.0.0, =1.0.0, =1.0.0, =1.0.5, =2.2.0, =0.0.7, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-62374 Source advisory: OSV:GHSA-9F2H-7V79-MXW3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00174
Exploits: 0

OSV
added 2025/10/14 10:24 p.m. | 1 views

GHSA-9F2H-7V79-MXW3 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Summary: Prototype pollution capabilities on various APIs. Details: Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ...

CVSS 6.4 | AI score 7.3 | EPSS 0.00174
Exploits: 0 | References: 6

Fedora
added 2025/10/14 10:22 p.m. | 5 views

[SECURITY] Fedora 43 Update: rust-protobuf-parse-3.7.2-1.fc43

Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: the pure Rust parser (no dependencies), or the protoc binary (more reliable and compatible with Google's implementation)...

CVSS 5.9 | AI score 7.1 | EPSS 0.00175
Exploits: 0