Lucene search

6944 matches found

Gitee
added 2025/07/27 4:6 a.m. · 80 views

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

6.5 AI score
Exploits 0
OSV
added 2025/07/23 7:39 p.m. · 4 views

CLSA-2025-1753299555 traceroute: Fix of CVE-2023-46316

CVE-2023-46316: parse command lines properly in wrapper scripts...

5.5 CVSS · 6 AI score · 0.00367 EPSS
Exploits 2 · References 1
OSV
added 2025/07/21 6:54 p.m. · 5 views

CLSA-2025-1753124055 libsoup: Fix of 7 CVEs

CVE-2025-32050: fix overflow in appendparamquoted - CVE-2025-32052: fix heap buffer overflow in soupcontentsniffersniff - CVE-2025-32053: fix heap buffer overflow in snifffeedorhtml - CVE-2025-32907: soup-message-headers: correct merge of ranges - CVE-2025-46420: fix leak in...

7 CVSS · 6 AI score · 0.0061 EPSS
Exploits 1 · References 1
OSSF Malicious Packages
added 2025/07/16 4:6 p.m. · 2 views

Malicious code in router-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d79988cd859092569021535b2a0ed329cc589611cb68ee789a342c0a1b0945e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/07/16 4:6 p.m. · 3 views

MAL-2025-5988 Malicious code in router-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d79988cd859092569021535b2a0ed329cc589611cb68ee789a342c0a1b0945e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
SUSE Linux
added 2025/07/16 2:49 p.m. · 3 views

Security update for gnuplot

This update for gnuplot fixes the following issues: CVE-2025-31176: invalid read leads to segmentation fault on plot3dpoints bsc1240325. CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8copyone bsc1240326. CVE-2025-31178: unvalidated user input leads to segmentation faul...

6.9 CVSS · 7.4 AI score · 0.00171 EPSS
Exploits 0 · References 28
OSV
added 2025/07/16 8:8 a.m. · 5 views

BIT-PARSE-2025-53364 Parse Server exposes the data schema via GraphQL API

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

5.3 CVSS · 6 AI score · 0.00814 EPSS
Exploits 0 · References 4
RedHat Linux
added 2025/07/16 6:6 a.m. · 4 views

kernel: cifs: potential buffer overflow in handling symlinks

A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System CIFS module, specifically within the parsemfsymlink function. This flaw is caused by insufficient input validation on the linklen value, which dictates the length of a symbolic link. An attacker...

7.8 CVSS · 7.2 AI score · 0.00305 EPSS
Exploits 0 · References 5
RedHat Linux
added 2025/07/16 5:49 a.m. · 4 views

kernel: cifs: potential buffer overflow in handling symlinks

A buffer overflow vulnerability has been identified in the Linux kernel's Common Internet File System CIFS module, specifically within the parsemfsymlink function. This flaw is caused by insufficient input validation on the linklen value, which dictates the length of a symbolic link. An attacker...

7.8 CVSS · 7.2 AI score · 0.00305 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/07/14 12:0 a.m. · 1 views

PT-2025-29418 · Unknown · Bigotry Onebase

Name of the Vulnerable Software and Affected Versions: Bigotry OneBase versions through 1.3.6 Description: A flaw exists in Bigotry OneBase that allows for cross site scripting. The issue is located in the parse args function within the /tpl/think exception.tpl file. Manipulation of the args...

5.1 CVSS · 3.7 AI score · 0.00235 EPSS
Exploits 0 · References 8
OSV
added 2025/07/13 11:15 p.m. · 1 views

DEBIAN-CVE-2025-1220

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3 CVSS · 6 AI score · 0.00514 EPSS
Exploits 1 · References 1
OSV
added 2025/07/13 11:15 p.m. · 4 views

AZL-65250 CVE-2025-1220 affecting package php for versions less than 8.1.33-1

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3 CVSS · 5.8 AI score · 0.00514 EPSS
Exploits 1 · References 1
OSV
added 2025/07/13 11:15 p.m. · 3 views

UBUNTU-CVE-2025-1220

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3 CVSS · 6.4 AI score · 0.00514 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/07/12 3:24 p.m. · 9 views

CVE-2025-53364

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

5.3 CVSS · 7 AI score · 0.00814 EPSS
Exploits 0 · References 1
Microsoft CVE
added 2025/07/11 7:0 a.m. · 10 views

mcb: fix a double free bug in chameleon_parse_gdd()

...

7.8 CVSS · 7.6 AI score · 0.00172 EPSS
Exploits 0
SUSE CVE
added 2025/07/10 11:22 p.m. · 8 views

SUSE CVE-2025-38307

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parseintarray The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...

5.5 CVSS · 6.5 AI score · 0.00145 EPSS
Exploits 0 · References 22
vulnersOsv
added 2025/07/10 4:50 p.m. · 6 views

@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-53364 via parse-server (>=5.6.0 <=6.5.11)

parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-53364 Source advisory: OSV:GHSA-48Q3-PRGV-GM4W...

5.3 CVSS · 5.8 AI score · 0.00814 EPSS
Exploits 0
Github Security Blog
added 2025/07/10 4:50 p.m. · 13 views

Parse Server exposes the data schema via GraphQL API

Impact The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches The issue has...

5.3 CVSS · 7.2 AI score · 0.00814 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/07/10 4:50 p.m. · 5 views

GHSA-48Q3-PRGV-GM4W Parse Server exposes the data schema via GraphQL API

Impact The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches The issue has...

5.3 CVSS · 6.6 AI score · 0.00814 EPSS
Exploits 0 · References 5
NVD
added 2025/07/10 4:15 p.m. · 27 views

CVE-2025-53364

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

5.3 CVSS · 0.00814 EPSS
Exploits 0 · References 3