MAL-2026-105 Malicious code in syntax-class-properties (npm)
Source: amazon-inspector bf72c51c69dcb71762b580a0299d8e6c413cc2f20b0f9133034a98d43ce4151a The package syntax-class-properties was found to contain malicious code. Source: ghsa-malware...
Malicious code in syntax-class-properties (npm)
Source: amazon-inspector bf72c51c69dcb71762b580a0299d8e6c413cc2f20b0f9133034a98d43ce4151a The package syntax-class-properties was found to contain malicious code. Source: ghsa-malware...
libtasn1 security vulnerability
libtasn1 is a small ASN.1 library open-sourced by GnuTLS. A security vulnerability exists in libtasn1 version v4.20.0: the asn1_expand_octet_string function does not validate the input data size, which could lead to a stack-based buffer overflow...
[SECURITY] Fedora 43 Update: golang-github-alecthomas-chroma-2-2.14.0-6.fc43
A general purpose syntax highlighter in pure Go...
PoC-Analyzer
PoC Analyzer: Proof-of-Concept Malicious Intent Detector...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Syntactic Correctness of Input in Golang (CVE-2025-22868)
Summary: Golang is used by IBM Storage Ceph in Grafana. CVE-2025-22868. Vulnerability Details: CVEID: CVE-2025-22868. DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CWE: CWE-1286: Improper Validation of Syntactic Correctness o...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-2487)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...
Denial Of Service (DoS)
node-forge is vulnerable to Denial of Service (DoS). The vulnerability is due to deep, attacker-crafted ASN.1 structures causing unbounded recursive parsing, allowing remote unauthenticated attackers to exhaust the stack and crash the application when processing untrusted DER input...
Interpretation-Conflict
node-forge is vulnerable to an Interpretation-Conflict. The vulnerability is due to crafted ASN.1 structures causing schema desynchronization, where inconsistent parsing can bypass downstream cryptographic checks and security decisions...
CVE-2025-13803
MediaCrush 1.0.0/1.0.1 contains a vulnerability in the Header Handler component (unknown function in /mediacrush/paths.py) where manipulation of the Host argument leads to improper neutralization of HTTP headers for scripting syntax. The issue can be triggered remotely. CVSS scores vary by versio...
node-forge ASN.1 Unbounded Recursion
...
UBUNTU-CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66031 node-forge ASN.1 Unbounded Recursion
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
GHSA-5GFM-WPXJ-WJGQ node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization
Summary: CVE-2025-12816 has been reserved by CERT/CC. Description: An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may...
DEBIAN-CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
UBUNTU-CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
Interpretation Conflict
Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to become desynchronized, resulting in semantic divergence that may allow bypassing...
Forge JavaScript library impacted by a vulnerability in signature verification.
Overview: The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability was identified that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data. Users of the...
PT-2025-48075
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and earlier. Description: An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...
CVE-2025-10702
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...