6946 matches found
CVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...
CVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...
CVE-2025-57324
The CVE-2025-57324 entry concerns the Parse-SDK-JS library. A prototype pollution flaw exists in SingleInstanceStateController.initializeState, allowing a crafted payload to inject properties into Object.prototype. Affected versions are parse 5.3.0 and earlier. Consequences include denial of serv...
parse-server 安全漏洞
parse-server is a Node.js/Express parse server open-sourced by Parse Platform. A security vulnerability exists in parse-server version 5.3.0 and earlier, which stems from a prototype contamination in the SingleInstanceStateController.initializeState function, which allows an attacker to inject an...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
Malicious Package
Overview vite-plugin-parse-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in vite-plugin-parse-json (npm)
The package vite-plugin-parse-json was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4013d2b27a0c8568a2b51161431838d7877caf18d55e179597d06e162989b484 Any computer that has this package installed or running should be considered full...
libtpms: Libtpms Out-of-Bounds Read Vulnerability
A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...
UBUNTU-CVE-2025-39887
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
CVE-2025-39887 tracing/osnoise: Fix null-ptr-deref in bitmap_parselist()
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
DEBIAN-CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
UBUNTU-CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the parsejobsini function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input to this process. Remediation There is no fixed version for axboe/fio...
CVE-2025-10824
CVE-2025-10824 affects the axboe fio package up to version 3.41. The vulnerability targets the function __parse_jobs_ini in init.c and is caused by a use-after-free condition. Exploitation requires local access, and a public exploit has been disclosed. The information across multiple sources cons...
CVE-2025-10824 axboe fio init.c __parse_jobs_ini use after free
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10824 axboe fio init.c __parse_jobs_ini use after free
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
PT-2025-39092
Name of the Vulnerable Software and Affected Versions axboe fio versions up to 3.41 Description A flaw exists in axboe fio up to version 3.41. This issue is related to the parse jobs ini function within the init.c file, which can lead to a use after free condition. The attack requires local acces...