Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.3 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References1
OSV
OSV
added 2026/03/25 5:40 p.m.3 views

GHSA-9R5M-9576-7F6X LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

7.5CVSS6.1AI score0.00398EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-2705

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0141EPSS
Exploits1References5
OSV
OSV
added 2022/05/07 12:0 a.m.2 views

GHSA-6429-3G3W-6MW5 Uncaught Exception in bignum

All versions of the npm package bignum are vulnerable to Denial of Service DoS due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks...

7.5CVSS7.1AI score0.0141EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.3 views

libxmljs 输入验证错误漏洞

libxmljs is the LibXML binding for node.js. All versions of the libxmljs package have an input validation error vulnerability that stems from the fact that when calling a non-buffered parameter, the V8 code will attempt to call the .toString method for that parameter. If the toString value of the...

7.5CVSS7.4AI score0.01784EPSS
Exploits1References4
Snyk
Snyk
added 2022/01/31 3:4 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...

7.5CVSS7AI score0.01955EPSS
Exploits0References2
0day.today
0day.today
added 2018/06/11 12:0 a.m.40 views

Chrome V8 PromiseAllResolveElementClosure Element Confusion Vulnerability

Exploit for multiple platform in category dos / poc Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/09/29 12:0 a.m.33 views

Fedora 21 : nodejs-0.10.32-1.fc21 / v8-3.14.5.10-14.fc21 (2014-11132)

This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please s...

7.5CVSS7.7AI score0.05428EPSS
Exploits1References4
Rows per page
Query Builder