6695 matches found
CLSA-2026-1779533209 NetworkManager: Fix of CVE-2024-6501
CVE-2024-6501: NULL pointer dereference of n-lldprx in nmlldpneighborparse when DEBUG logging is enabled, leading to denial-of-service on malformed LLDP packets...
Prototype Pollution
parseFormData is vulnerable to Prototype Pollution. The vulnerability is due to improper filtering of reserved property keys in bracket and dot-notation FormData field parsing, which allows an attacker to modify Object.prototype and pollute the prototype chain of application objects...
GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...
PT-2026-42860
Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...
CVE-2026-41071
CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...
OSV-2026-796 UNKNOWN READ in processXDR
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515065185 Crash type: UNKNOWN READ Crash state: processXDR nmeaparse genericparseinput...
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parsenotebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...
JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...
GHSA-8RP3-XC6W-5QP5 pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API
Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an...
php: Fix of 2 CVEs
CVE-2026-6722: Use-after-free in SOAP ext via stale refmap pointer - CVE-2026-7261: Use-after-free in SOAP after header parse failure with SOAPPERSISTENCESESSION...
PT-2026-42689
Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's " proto " member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021669 advisory. MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations. Tenable has extracted the preceding description block...
PT-2026-42607
Summary The SSRF mitigation added in commit 33c55da for GHSA-7gvf-3w72-p2pg is incomplete. The PREREQFUNCTION-based private IP check was correctly applied to HTTPChunk download path but not to HTTPRequest used by the parse urls API. An authenticated attacker can supply a URL pointing to an...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
CVE-2026-47099
TeleJSON prior to 6.0.0 contains a DOM-based XSS via the parse() reviver that reads a constructor-name property and passes it to new Function(), allowing arbitrary JavaScript execution in contexts such as postMessage for cross-frame communication. Affected component: TeleJSON parse() in versions ...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...