Lucene search
K

9 matches found

Snyk
Snyk
added 2026/04/24 7:20 p.m.4 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the isLoopback host check in the proxy helper, which relied on a static list of LOOPBACKADDRESSES. An attacker ca...

10CVSS5.4AI score0.01186EPSS
Exploits2References3
Snyk
Snyk
added 2026/04/24 7:20 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the HTTP response handling path in the http.js adapter. An attacker can force a client to...

6.9CVSS5.8AI score0.00421EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 7:18 p.m.5 views

Uncontrolled Recursion

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion through the toFormData recursive serializer in lib/helpers/toFormData.js. An attacker can crash a process by supplying a deeply...

8.7CVSS5.5AI score0.00744EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 11:17 p.m.2 views

CVE-2026-5747 Out-of-bounds Write in Firecracker virtio-pci Transport

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x8664 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...

8.7CVSS6.8AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 2026/04/07 11:17 p.m.51 views

CVE-2026-5747

Summary: CVE-2026-5747 is a local, hypothetical out-of-bounds write in the virtio-pci transport of Firecracker. Affects Firecracker versions 1.13.0–1.14.3 and 1.15.0 on x86_64 and aarch64. The issue could allow a local guest user with root privileges to crash the Firecracker VMM process or potent...

8.7CVSS6.7AI score0.00208EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 11:17 p.m.13 views

CVE-2026-5747

An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x8664 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...

8.7CVSS6.5AI score0.00208EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 10:25 a.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 used by IBM® Db2® Big SQL 7 & 8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

10CVSS6.6AI score0.38701EPSS
Exploits11Affected Software1
Snyk
Snyk
added 2025/04/01 9:30 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data during schema parsing. An attacker can execute arbitrary code by passing in malicious classes as ReflectData or SpecificData inputs to the schema parser. Details Serialization is a process of converting...

10CVSS7.8AI score0.38701EPSS
Exploits9References2
OSV
OSV
added 2025/04/01 9:30 a.m.3 views

GHSA-2C59-37C4-QRX5 Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue...

10CVSS6.8AI score0.38701EPSS
Exploits9References12
Rows per page
Query Builder