Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-42032

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

7.5CVSS5.8AI score0.00055EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/11 10:36 p.m.6 views

Deserialization of Untrusted Data

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...

8.7CVSS6.7AI score0.65592EPSS
Exploits13References2
OSV
OSV
added 2025/11/14 2:45 p.m.50 views

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

9.8CVSS7.6AI score0.08042EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27629

Malicious code in bioql PyPI...

4.7CVSS6.3AI score0.0028EPSS
Exploits0References7
OSV
OSV
added 2025/09/11 6:30 a.m.2 views

GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

5.3CVSS6AI score0.0028EPSS
Exploits0References8
NVD
NVD
added 2025/09/11 5:15 a.m.4 views

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

4.7CVSS0.0028EPSS
Exploits0References6
OSV
OSV
added 2025/09/11 5:15 a.m.3 views

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

2.3CVSS7AI score
Exploits0References6
CVE
CVE
added 2025/09/11 5:0 a.m.36 views

CVE-2025-9910

CVE-2025-9910 (jsondiffpatch) affects versions prior to 0.7.2 of jsondiffpatch, where HtmlFormatter::nodeBegin can be exploited to inject HTML/JS (XSS) that may enable code execution if untrusted payloads are diffed and rendered with the built-in HTML formatter on a private website. The entry not...

4.7CVSS6.5AI score0.0028EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.2 views

libthrift: potential DoS when processing untrusted payloads

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

7.5CVSS7.3AI score0.06779EPSS
Exploits0References4
Snyk
Snyk
added 2025/03/03 7:48 p.m.1 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...

4.7CVSS5.8AI score0.0028EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.5 views

libthrift: potential DoS when processing untrusted payloads

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

7.5CVSS7.3AI score0.06779EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/06/30 12:0 a.m.4 views

PT-2016-3293

Name of the Vulnerable Software and Affected Versions bzip2 versions 1.0.6 and earlier Description The issue is related to an out-of-bounds write in the BZ2 decompress function in decompress.c when there are many selectors. This can lead to memory corruption, resulting in a denial of service and/...

10CVSS9.8AI score0.51733EPSS
Exploits57References386
Rows per page
Query Builder