6849 matches found
CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
CVE-2026-39825
CVE-2026-39825 concerns Go’s ReverseProxy (net/http/httputil). The issue: ReverseProxy forwards query parameters that are not visible to Rewrite/Director functions parsing parameters via url.ParseQuery. It does not respect ParseQuery’s limit on total query parameters (controlled by GODEBUG=urlmax...
GO-2026-4976 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
artemproject2 (>=1.2.1 <=1.8.8) potentially affected by CVE-2025-63703 via parse-ini (=1.0.6)
parse-ini NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on parse-ini and may be impacted: - artemproject2 =1.2.1, =1.8.8 Source cves: CVE-2025-63703 Source advisory: OSV:GHSA-X72J-HV9F-QQH4...
parse-ini is vulnerable to Prototype Pollution in index.js()
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
Prototype Pollution
Overview parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...
NPM: parse-ini is vulnerable to Prototype Pollution in index.js()
NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...
EUVD-2025-209729
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
GHSA-X72J-HV9F-QQH4 parse-ini is vulnerable to Prototype Pollution in index.js()
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.317 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option ...
SUSE CVE-2026-7572
An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...
parse-ini 安全漏洞
parse-ini is a INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
VulnCheck KEV: CVE-2025-9501
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-63703
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
PT-2026-38566
Name of the Vulnerable Software and Affected Versions ReverseProxy affected versions not specified Description ReverseProxy can forward queries containing parameters that are not visible to Rewrite functions. When utilizing a Rewrite function or a Director function that parses query parameters,...
PT-2026-38452
Name of the Vulnerable Software and Affected Versions parse-ini version 1.0.6 Description The npm package is subject to Prototype Pollution within the index.js function. Prototype Pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to altered applicati...