
25 matches found

Tenable Nessus
added 2026/05/27 12:0 a.m. · 9 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1744)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1744 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

7.5 CVSS · 7.4 AI score · 0.00054 EPSS
Exploits 0 · References 18
Veracode
added 2026/05/06 7:50 a.m. · 6 views

Denial Of Service

Marked is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific input sequences during parsing, where a crafted sequence \x09\x0b\n triggers infinite recursion, leading to unbounded memory allocation and application crash due to out-of-memory conditions...

8.7 CVSS · 5.8 AI score · 0.00129 EPSS
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2026/04/03 8:10 p.m. · 1 views

CVE-2026-35562

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7 CVSS · 5.9 AI score · 0.00114 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2026/04/01 12:0 a.m. · 1 views

Amazon Linux 2023 : below (ALAS2023-2026-1523)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1523 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

6.8 CVSS · 5.9 AI score · 0.00016 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/03/30 7:7 p.m. · 5 views

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

5.9 CVSS · 5.9 AI score · 0.00033 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/02/09 8:11 p.m. · 28 views

CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

7.5 CVSS · 0.00044 EPSS
Exploits 1 · References 7
Positive Technologies
added 2026/01/01 12:0 a.m. · 2 views

PT-2026-6659

Name of the Vulnerable Software and Affected Versions: time versions 0.3.6 through 0.3.46; rust-keylime versions prior to 0.2.8+116; python-uv-build versions prior to 0.10.2; SCCache versions prior to 0.13.0. Description: The time crate provides date and time handling in Rust. Versions 0.3.6 through...

6.8 CVSS · 5.2 AI score · 0.00188 EPSS
Exploits 5 · References 134
CNVD
added 2025/12/08 12:0 a.m. · 1 views

Claude Code Code Execution Vulnerability

Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...

9.8 CVSS · 8.6 AI score · 0.00039 EPSS
Exploits 0 · References 1
OSV
added 2025/10/21 2:51 p.m. · 1 views

JLSEC-2025-173 libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a sm...

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5 CVSS · 6.9 AI score · 0.00102 EPSS
Exploits 1 · References 6
AlpineLinux
added 2025/05/23 4:15 p.m. · 3 views

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSON_ParseWithLength is called...

5.5 CVSS · 6.5 AI score · 0.00089 EPSS
Exploits 1 · References 3
Snyk
added 2023/04/02 1:7 p.m. · 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to polynomial time complexity issue, when parsing text which leads with either large numbers of or - characters. Mitigation: Users unable to upgrade should validate that their input comes from trusted sources...

7.5 CVSS · 6.9 AI score · 0.00319 EPSS
Exploits 1 · References 2
GitHub Security Blog
added 2023/03/24 10:1 p.m. · 16 views

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue...

6.9 AI score
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/02/06 12:0 a.m. · 1 views

ImageMagick Security Vulnerability

ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in multiple formats. A security vulnerability exists in ImageMagick version 7.1.0-49, which stems from the presence of a denial-of-service...

6.5 CVSS · 7.5 AI score · 0.17691 EPSS
Exploits 4 · References 14
Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-25249 · Xstream · Xstream

Name of the Vulnerable Software and Affected Versions: Xstream affected versions not specified Description: The issue allows an attacker to cause a denial of service attack by supplying content that causes the parser to crash by stack overflow when the parser is running on user-supplied input. Th...

7.5 CVSS · 7.7 AI score
Exploits 0 · References 13
Positive Technologies
added 2022/09/07 12:0 a.m. · 2 views

PT-2022-23863 · Unknown +1 · Ddmal Mei2Volpiano +1

Name of the Vulnerable Software and Affected Versions: DDMAL MEI2Volpiano version 0.8.2 Description: The issue is related to an XML External Entity (XXE) vulnerability, which can lead to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...

7.5 CVSS · 7.4 AI score · 0.00429 EPSS
Exploits 0 · References 9
ATTACKERKB
added 2022/05/20 1:15 p.m. · 3 views

CVE-2022-24290

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions, Teamcenter V13.2 All versions V13.2.0.8, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. The tcserver.exe bina...

7.5 CVSS · 7 AI score · 0.00671 EPSS
Exploits 0 · References 2
Positive Technologies
added 2020/12/28 12:0 a.m. · 1 views

PT-2020-17121 · Dhowden · Dhowden

Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63 Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If...

6.5 CVSS · 6.3 AI score · 0.00285 EPSS
Exploits 4 · References 22
Cvelist
added 2019/12/18 5:33 p.m. · 21 views

CVE-2019-8788

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration...

6.6 AI score · 0.00348 EPSS
Exploits 0 · References 2
NVD
added 2019/07/04 2:15 p.m. · 8 views

CVE-2019-13238

An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL...

7.5 CVSS · 5.5 AI score · 0.0029 EPSS
Exploits 1 · References 1
OSV
added 2018/07/24 8:6 p.m. · 0 views

GHSA-JXQQ-CQM6-PFQ9 Regular Expression Denial of Service in slug

Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds. About 50k characters can block the event loop for 2 seconds. Recommendatio...

7.5 CVSS · 5.9 AI score · 0.00362 EPSS
Exploits 0 · References 4