CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

CVE-2025-62494 Type confusion in string addition in QuickJS

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

CVE-2025-62494

Summary: CVE-2025-62494 is a type-confusion vulnerability in the QuickJS engine’s string concatenation path. During the + operation, if the left operand is a string, the code converts the right operand to a primitive via JS_ToPrimitiveFree, which can trigger callbacks (toString/valueOf). While th...

CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

CVE-2025-62493

A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. The function determines the number of characters ndigits...

CVE-2025-62493 Heap out-of-bounds read in js_bigint_to_string1 in QuickJS

A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. The function determines the number of characters ndigits...

EUVD-2025-34730

Mattermost has an Observable Timing Discrepancy vulnerability...

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS due to a type confusion when handling string addition operations, which could lead to out-of-bounds memory accesses and memory corruption to execute arbitrary code...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from an error in the computation of the median in the BigInt string conversion logic, which could lead to out-of-bounds reads and information disclosure...

EUVD-2022-55091

In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...

QNAP QTS and QuTS hero formatting string error vulnerability

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

Astra Linux - уязвимость в glib2.0

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

CVE-2025-11695 Configuration may unexpectedly disable certificate validation

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

CVE-2025-11695 Configuration may unexpectedly disable certificate validation

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

Configuration may unexpectedly disable certificate validation

When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5...

CVE-2025-11653

UTT HiPER 2620G (versions up to 3.1.4) has a buffer overflow in strcpy used by the /goform/fNTP NTPServerIP parameter. This can be triggered remotely, potentially allowing arbitrary code execution or service disruption. Public exploits have been disclosed and vendor contact regarding disclosure w...

OSV-2025-830 Security exception in java.base/java.lang.AbstractStringBuilder.<init>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451017447 Crash type: Security exception Crash state: java.base/java.lang.AbstractStringBuilder. java.base/java.lang.StringBuilder. com.ctc.wstx.util.TextBuffer.contentsAsString...

CVE-2025-61911

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue parameter, and t...