Lucene search
K

818 matches found

Snyk
Snyk
added 2026/05/18 5:35 p.m.12 views

Uncaught Exception

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/12 11:24 a.m.12 views

Improper Handling of Exceptional Conditions

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to crash by sending a...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 10:16 a.m.11 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 9:5 a.m.40 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 9:5 a.m.7 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 8:50 a.m.54 views

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:50 a.m.12 views

CVE-2026-8161 multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References2
CVE
CVE
added 2026/05/12 8:50 a.m.54 views

CVE-2026-8161

This CVE affects [email protected] and earlier, where the parser stores fields/files on plain objects and can collide with inherited Object.prototype properties (e.g., proto , constructor, toString). The root cause is prototype pollution leading to a TypeError when .push() is invoked on a non-arra...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/12 8:50 a.m.12 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.16 views

Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
Snyk
Snyk
added 2026/05/08 7:20 a.m.6 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the decryption process when chunking is performed at certain boundaries. An attacker can cause decryption failures and trigger exceptions by manipulating the way encrypted data is chunked and processed. Note: This ...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 7:20 a.m.7 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the decryption process when chunking is performed at certain boundaries. An attacker can cause decryption failures and trigger exceptions by manipulating the way encrypted data is chunked and processed. Note: This ...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 4:10 a.m.15 views

Uncaught Exception

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Uncaught Exception through the Promise constructor when an unhandled rejection propagates from the sandboxed environment to the host process. An...

9.2CVSS5.9AI score0.00448EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 4:10 a.m.10 views

Uncaught Exception

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Uncaught Exception through the Promise constructor when an unhandled rejection propagates from the sandboxed environment to the host...

9.2CVSS5.4AI score0.00448EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/04/30 2:39 a.m.11 views

SUSE CVE-2013-3245

plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...

6.8CVSS6.4AI score0.02888EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: microcode_ctl (UTSA-2026-015073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015073 advisory. Uncaught exception in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local...

6.8CVSS6.3AI score0.00142EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 11:0 a.m.31 views

CVE-2026-5937

CVE-2026-5937 is associated with Foxit PDF Editor/Reader and is caused by insufficient parameter verification that can lead to format errors in files. This triggers an unhandled std::invalid_argument exception, which results in the application terminating (denial of service). The available docume...

5.5CVSS5.2AI score0.00103EPSS
Exploits0References1Affected Software2
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: nodejs22

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.26356EPSS
Exploits0
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: nodejs20

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.1AI score0.26356EPSS
Exploits0
Snyk
Snyk
added 2026/04/08 12:18 a.m.5 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...

8.2CVSS5.4AI score
Exploits0References2
Rows per page
Query Builder