dot-querystring security vulnerability
dot-querystring is a dot-notation library for Node query strings by the individual developer Naoya Tsutsumi. A security vulnerability exists in dot-querystring version v0.2.0, which stems from a prototype pollution flaw in the lib.parse function...
PT-2025-5767 · Dot-Qs · Dot-Qs
Name of the Vulnerable Software and Affected Versions: dot-qs version 0.2.0 Description: A prototype pollution in the lib.parse function allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For dot-qs version 0.2.0, consider disabling the lib.parse...
The vulnerability of the uvc_parse_format() function in the drivers/media/usb/uvc/uvc_driver.c file of the Linux operating system’s UVC driver kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the uvc_parse_format function in the drivers/media/usb/uvc/uvc_driver.c file, a part of the Linux kernel’s USB Video Class (UVC) driver, relates to memory access beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
CVE-2024-39309
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soup_header_parse_param_list_strict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...
Malicious code in custom-query-parse-serialization (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b54841d5b21c1f37a53ed8c5230cf6d43e948115b0116890c9bc53a963e08dae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2025:20045-1 Security update for expat
This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc#1229932 - CVE-2024-45491: detect integer overflow in dtdCopy bsc#1229931 - CVE-2024-45490: reject negative len for XML_ParseBuffer bsc#1229930 - CVE-2024-28757: XML Entity...
Security update for expat
This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc#1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc#1229931 CVE-2024-45490: reject negative len for XML_ParseBuffer bsc#1229930 CVE-2024-28757: XML Entity Expansion...
The vulnerability of the parse_options function in the sbgdec.c component of the libavformat module of the FFmpeg multimedia library allows an attacker to cause a service failure.
The vulnerability of the parse_options function in the sbgdec.c component of the libavformat module of the FFmpeg multimedia library is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the sqlparse.parse() function in the SQL parser module for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the sqlparse.parse function in the SQL parser module for Python, Sqlparse, is related to an uncontrolled recursion during the processing of deeply nested lists. Exploiting this vulnerability could allow a malicious actor to cause service failures...
PT-2025-4114 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problematic issue has been found in the file / parse/load job-details.php, where the manipulation of the business stream name and company website url arguments leads to cross site...
PT-2025-4102 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A vulnerability has been found in the code, classified as problematic. It affects an unknown part of the file /parse/ call job search ajax.php. The manipulation of the n argument leads to...
The vulnerability of the parse_endpoints() function in the tcprewrite editing tool and the Tcpreplay tool for editing and replaying PCAP files allows a hacker to cause a service failure.
The vulnerability of the parse_endpoints function in the tcprewrite editing tool for PCAP files, as well as in the Tcpreplay tool for editing and replaying PCAP files, is related to pointer manipulation. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the qtdemux_parse_trak function in the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of the qtdemux_parse_trak function in the Gstreamer multimedia framework is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)
Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...
PT-2025-2591 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible infinite loop in the parseUriInternal function of Intent.java due to improper input validation. This could lead to a local denial of service with no...
PT-2025-5652 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions extract_mediaip, parse_sdp_session, and parse_mixed_content. No...
SUSE CVE-2025-22865
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...
PT-2025-5651 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 8 crash has been reported. The crash occurs in the following functions: extract_candidate, parse_sdp_session, and parse mixed...