6950 matches found
DEBIAN-CVE-2025-39974
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...
UBUNTU-CVE-2025-39974
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...
CVE-2025-39974
CVE-2025-39974 concerns a slab-out-of-bounds bug in the Linux kernel’s tracing/osnoise subsystem. The vulnerability arises when configuring cpus via write() to /sys/kernel/debug/tracing/osnoise/cpus, triggering a KASAN fault in _parse_integer_limit due to missing terminator in the input parsed by...
CVE-2025-39974 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+0x103/0x130 Read of size 1 at...
EUVD-2017-18920
Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...
PT-2025-44389
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the handling of Distributed File System (DFS) referrals within the SMB protocol. A malicious SMB server can send crafted responses to FSCTL DFS...
jwt-go allows excessive memory allocation during header parsing
golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds read in the _parse_integer_limit function, which could lead to memory corruption...
Fedora 43 : mirrorlist-server / rust-maxminddb / rust-monitord-exporter / etc (2025-9e77f6ddcb)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-9e77f6ddcb advisory. - Update mirrorlist-server to version 3.0.8. - Update the maxminddb crate to version 0.26.0. - Update the prometheus crate to version 0.14.0. - Update the...
Fedora: Security Advisory (FEDORA-2025-1ac08db27d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2025-34458
Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +367 more potentially affected by CVE-2025-62374 via parse (>=1.10.1 <=6.1.1)
parse NPM version =1.10.1, =0.0.1, =3.10.1, =1.1.3, =2.0.0, =1.0.0, =1.0.0, =1.0.5, =2.2.0, =0.0.7, =0.0.18, =0.0.18, =0.0.18, =0.0.19 and more Source cves: CVE-2025-62374 Source advisory: OSV:GHSA-9F2H-7V79-MXW3...
GHSA-9F2H-7V79-MXW3 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Summary: Prototype pollution capabilities on various APIs. Details: Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass -...
[SECURITY] Fedora 43 Update: rust-protobuf-parse-3.7.2-1.fc43
Parse .proto files. Files are parsed into a protobuf::descriptor::FileDescriptorSet object using either: pure rust parser no dependencies protoc binary more reliable and compatible with Google's implementation...
Prototype Pollution
Overview: parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to execute arbitrary code remotely by injecting a malicious payload into affected APIs,...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
CVE-2025-62374
CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...
CVE-2025-62374 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...