127 matches found
Unsafe object property setter in mathjs
Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.1, an...
SUSE CVE-2026-34757
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
DEBIAN-CVE-2026-34757
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
PT-2026-31620
Name of the Vulnerable Software and Affected Versions LIBPNG versions 1.0.9 through 1.6.56 Description LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png get PLTE, png get tRNS, or png get hIST back int...
GHSA-737V-MQG7-C878 defu: Prototype pollution via `__proto__` key in defaults argument
Impact Applications that pass unsanitized user input e.g. parsed JSON request bodies, database records, or config files from untrusted sources as the first argument to defu are vulnerable to prototype pollution. A crafted payload containing a proto key can override intended default values in the...
Prototype Pollution
Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templates through...
Prototype Pollution
Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templat...
GHSA-7RX3-28CR-V5WH Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...
Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry
Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...
CVE-2022-50731
In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...
EUVD-2021-1122
Malware in sbrugna...
CVE-2025-57247
The BATBToken smart contract address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a contains incorrect access control implementation in whitelist management functions. The setColdWhiteList and setSpecialAddress functions in the base ERC20 contract are declare...
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4
@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...
The vulnerability in the implementation of the HCI driver for Bluetooth on Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the implementation of the HCI driver Bluetooth kernel for the Linux operating system is related to the assignment of a zero pointer in the functions min,maxkeysizeset in the net/bluetooth/hcidebugfs.c module. Exploiting this vulnerability could allow a malicious actor to caus...
Bidders can bid at previous auction reserve price by frontrunning the setter transactions
Lines of code Vulnerability details Impact The AuctionHouse.settleCurrentAndCreateNewAuction can frontrun the setter functions such as setCreatorRateBps, setMinCreatorRateBps, setEntropyRateBps, setTimeBuffer, setMinBidIncrementPercentage & setReservePrice. As soon as the current auction ends, an...
Upgraded Q -> 2 from #523 [1677626174331]
Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...
SUSE CVE-2009-2469
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an defineSetter function, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted documen...
SUSE CVE-2014-1713
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have...
SUSE CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...