Lucene search

3357 matches found

RedhatCVE
added 2025/04/26 7:13 a.m. · 12 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 · AI score 7 · EPSS 0.0013
Exploits 0 · References 1
NVD
added 2025/04/19 10:15 p.m. · 14 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 · EPSS 0.0013
Exploits 0 · References 2
Cvelist
added 2025/04/19 12:0 a.m. · 7 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 · EPSS 0.0013
Exploits 0 · References 2
Vulnrichment
added 2025/04/19 12:0 a.m. · 7 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 · AI score 4 · EPSS 0.0013
Exploits 0 · References 2
CVE
added 2025/04/19 12:0 a.m. · 60 views

CVE-2023-30421

The CVE-2023-30421 entry concerns mystrtod in the mjson library (version 1.2.7). Affected component: mjson’s mystrtod function; root cause: processing certain numeric strings requires an excessive number of iterations (example: 8891110122900e913013935755114). Reported impact is denial of service ...

CVSS 2.9 · AI score 7 · EPSS 0.0013
Exploits 0 · References 2
CNNVD
added 2025/04/19 12:0 a.m. · 1 views

mJson security vulnerability

mJson is an extremely lightweight Java JSON library from the individual developer Borislav Iordanov. A security vulnerability exists in mJson version 1.2.7, which could lead to a denial of service when processing certain numeric strings...

CVSS 2.9 · AI score 6.5 · EPSS 0.0013
Exploits 0 · References 2
Positive Technologies
added 2025/04/19 12:0 a.m. · 3 views

PT-2025-17395 · Mjson · Mjson

Name of the Vulnerable Software and Affected Versions: mjson version 1.2.7 Description: The issue arises in the mystrtod function of mjson, which requires an excessive number of iterations when processing specific digit strings, such as 8891110122900e913013935755114. This can lead to potential...

CVSS 2.9 · AI score 6.1 · EPSS 0.0013
Exploits 0 · References 8
Tenable Nessus
added 2025/04/17 12:0 a.m. · 5 views

Azure Linux 3.0 Security Update: unzip (CVE-2021-4217)

The version of unzip installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-4217 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lea...

CVSS 3.3 · AI score 6.1 · EPSS 0.0057
Exploits 1 · References 2
RedhatCVE
added 2025/04/16 4:4 p.m. · 10 views

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles This issue affects BASEC: from 14 Dec 2021...

CVSS 8.7 · AI score 6 · EPSS 0.00392
Exploits 0 · References 5
Microsoft CVE
added 2025/04/11 7:0 a.m. · 2 views

The vulnerability in unzip occurs due to improper handling of Unicode strings

...

CVSS 3.3 · AI score 5.9 · EPSS 0.0057
Exploits 1
OSV
added 2025/04/09 5:4 p.m. · 3 views

DRUPAL-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

CVSS 6.5 · AI score 6.9 · EPSS 0.00357
Exploits 0 · References 1
OSV
added 2025/03/31 4:12 p.m. · 1 views

GHSA-HX7H-9VF7-5XHG Uptime Kuma's Regular Expression in pushdeeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary There is a ReDoS vulnerability risk in the system, specifically when administrators create notification through the web service pushdeer and whapi. If a string is provided that triggers catastrophic backtracking in the regular expression, it may lead to a ReDoS attack. Details The regular...

CVSS 6.7 · AI score 7.4 · EPSS 0.00344
Exploits 0 · References 8
NVD
added 2025/03/17 1:15 a.m. · 12 views

CVE-2025-2356

A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely...

CVSS 6.3 · EPSS 0.00363
Exploits 0 · References 3
Cvelist
added 2025/03/17 1:0 a.m. · 22 views

CVE-2025-2356 BlackVue App API deviceDelete get request method with sensitive query strings

A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely...

CVSS 6.3 · EPSS 0.00363
Exploits 0 · References 3
NVD
added 2025/03/14 4:15 p.m. · 27 views

CVE-2022-29059

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted...

CVSS 7.2 · EPSS 0.00388
Exploits 0 · References 1
Microsoft CVE
added 2025/03/14 7:0 a.m. · 2 views

GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings

...

CVSS 8.2 · AI score 7.5 · EPSS 0.01959
Exploits 0
OSV
added 2025/03/11 8:30 p.m. · 12 views

GHSA-968P-4WVH-CQC8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Impact When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings i.e. the second argument passed to .replace. Your generated code is vulnerable if all the...

CVSS 6.2 · AI score 6.2 · EPSS 0.00478
Exploits 0 · References 5
NVD
added 2025/03/11 8:15 p.m. · 114 views

CVE-2025-27789

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

CVSS 6.2 · EPSS 0.00478
Exploits 0 · References 2
Vulnrichment
added 2025/03/11 7:9 p.m. · 12 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

CVSS 6.2 · AI score 6.3 · EPSS 0.00478
Exploits 0 · References 2
Veracode
added 2025/03/11 7:30 a.m. · 4 views

Log Injection

Envoy Gateway is vulnerable to Log Injection. The vulnerability is due to improper log handling due to the use of a default Envoy Proxy access log configuration, allowing attackers to craft user-agent strings that inject and overwrite fields in the access log...

CVSS 5.3 · AI score 6.6 · EPSS 0.00264
Exploits 0 · References 7 · Affected Software 1