818 matches found
Uncaught Exception
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...
Improper Handling of Exceptional Conditions
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to crash by sending a...
CVE-2026-8162
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
CVE-2026-8161
This CVE affects [email protected] and earlier, where the parser stores fields/files on plain objects and can collide with inherited Object.prototype properties (e.g., proto , constructor, toString). The root cause is prototype pollution leading to a TypeError when .push() is invoked on a non-arra...
CVE-2026-8161
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
Malicious code in 66o (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the decryption process when chunking is performed at certain boundaries. An attacker can cause decryption failures and trigger exceptions by manipulating the way encrypted data is chunked and processed. Note: This ...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the decryption process when chunking is performed at certain boundaries. An attacker can cause decryption failures and trigger exceptions by manipulating the way encrypted data is chunked and processed. Note: This ...
Uncaught Exception
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Uncaught Exception through the Promise constructor when an unhandled rejection propagates from the sandboxed environment to the host process. An...
Uncaught Exception
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Uncaught Exception through the Promise constructor when an unhandled rejection propagates from the sandboxed environment to the host...
SUSE CVE-2013-3245
plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: microcode_ctl (UTSA-2026-015073)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015073 advisory. Uncaught exception in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local...
CVE-2026-5937
CVE-2026-5937 is associated with Foxit PDF Editor/Reader and is caused by insufficient parameter verification that can lead to format errors in files. This triggers an unhandled std::invalid_argument exception, which results in the application terminating (denial of service). The available docume...
Important: nodejs22
Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...
Important: nodejs20
Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...