6914 matches found

Vulnrichment
added 2025/09/25 2:2 p.m., 3 views

CVE-2025-10948 MikroTik RouterOS libjson.so print parse_json_element buffer overflow

A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVSS 9, AI score 8.7, EPSS 0.00297
Exploits: 0, References: 5
RedhatCVE
added 2025/09/25 2:54 a.m., 8 views

CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

CVSS 5.3, AI score 5.1, EPSS 0.00024
Exploits: 0, References: 1
OSV
added 2025/09/24 9:30 p.m., 1 views

GHSA-9G8M-V378-PCG3 parse is vulnerable to prototype pollution

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum...

CVSS 6.5, AI score 6.3, EPSS 0.0018
Exploits: 0, References: 5
Github Security Blog
added 2025/09/24 9:30 p.m., 3 views

parse is vulnerable to prototype pollution

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum...

CVSS 6.5, AI score 6.4, EPSS 0.0018
Exploits: 0, References: 5, Affected Software: 1
vulnersOsv
added 2025/09/24 9:30 p.m., 3 views

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +367 more potentially affected by CVE-2025-57324 via parse (>=1.10.1 <=6.1.1)

parse NPM version =1.10.1, =0.0.1, =3.10.1, =1.1.3, =2.0.0, =1.0.0, =1.0.0, =1.0.5, =2.2.0, =0.0.7, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-57324 Source advisory: OSV:GHSA-9G8M-V378-PCG3...

CVSS 6.5, AI score 5.8, EPSS 0.0018
Exploits: 0
Snyk
added 2025/09/24 9:30 p.m., 3 views

Prototype Pollution

Overview parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution via the initializeState function. An attacker can cause a denial of service by injecting malicious properties in...

CVSS 8.8, AI score 7.9, EPSS 0.0018
Exploits: 0, References: 2
NVD
added 2025/09/24 9:15 p.m., 1 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

CVSS 6.5, EPSS 0.0018
Exploits: 0, References: 2
OSV
added 2025/09/24 9:15 p.m., 2 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

CVSS 6.5, AI score 6.6, EPSS 0.0018
Exploits: 0, References: 2
Microsoft CVE
added 2025/09/24 1:1 a.m., 4 views

axboe fio init.c __parse_jobs_ini use after free

...

CVSS 5.3, AI score 7, EPSS 0.00024
Exploits: 0
CVE
added 2025/09/24 12:0 a.m., 10 views

CVE-2025-57324

The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...

CVSS 6.5, AI score 6.3, EPSS 0.0018
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/09/24 12:0 a.m., 1 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

AI score 6.3, EPSS 0.0018
Exploits: 0, References: 2
Cvelist
added 2025/09/24 12:0 a.m., 5 views

CVE-2025-57324

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...

EPSS 0.0018
Exploits: 0, References: 2
CNNVD
added 2025/09/24 12:0 a.m., 2 views

parse-server security vulnerability

parse-server is a Node.js/Express parse server open-sourced by Parse Platform. A security vulnerability exists in parse-server version 5.3.0 and earlier, which stems from a prototype contamination in the SingleInstanceStateController.initializeState function, which allows an attacker to inject an...

CVSS 6.5, AI score 6.4, EPSS 0.0018
Exploits: 0, References: 2
Snyk
added 2025/09/23 5:37 p.m., 1 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

CVSS 7.5, AI score 6.6, EPSS 0.00108
Exploits: 1, References: 2
OSSF Malicious Packages
added 2025/09/23 3:59 p.m., 2 views

Malicious code in vite-plugin-parse-json (npm)

The package vite-plugin-parse-json was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4013d2b27a0c8568a2b51161431838d7877caf18d55e179597d06e162989b484 Any computer that has this package installed or running should be considered full...

AI score 6.9
Exploits: 0, References: 1
Snyk
added 2025/09/23 3:59 p.m., 7 views

Malicious Package

Overview vite-plugin-parse-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
RedHat Linux
added 2025/09/23 8:27 a.m., 4 views

libtpms: Libtpms Out-of-Bounds Read Vulnerability

A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...

CVSS 5.9, AI score 6.2, EPSS 0.00096
Exploits: 0, References: 8
OSV
added 2025/09/23 6:15 a.m., 1 views

UBUNTU-CVE-2025-39887

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...

CVSS 5.5, AI score 5.7, EPSS 0.00025
Exploits: 0, References: 5
OSV
added 2025/09/23 6:0 a.m., 2 views

CVE-2025-39887 tracing/osnoise: Fix null-ptr-deref in bitmap_parselist()

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...

CVSS 5.5, AI score 6, EPSS 0.00025
Exploits: 0, References: 5
NVD
added 2025/09/23 1:15 a.m., 4 views

CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

CVSS 5.3, EPSS 0.00024
Exploits: 0, References: 5