CVE-2026-10200

A flaw was found in Assimp. A local attacker could trigger a heap-based buffer overflow in the glTFCommon::CopyValue function, part of the 4x4 Matrix Parser component. This vulnerability could lead to limited information disclosure, denial of service, or other impacts on system integrity and...

IO-Compress 安全漏洞

IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress from 2.207 to 2.220 had security vulnerabilities. These vulnerabilities occurred due to the zipdetails CLI tool crashing when processing Info-ZIP Unix Extra Fields. This...

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the value function in src/Toolkit/Xml.php. An attacker can smuggle raw XML markup into generated output by supplying a string that begins with - GitHub Commit - Maintainer's Advisory Credit: dapatrese...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libexif (UTSA-2026-014285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014285 advisory. libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten du...

Prototype Pollution

jsonpath is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of object paths in the value function within lib/index.js, where attacker-controlled property paths can modify Object.prototype, allowing arbitrary property injection into global objects and potentially...

CVE-2026-2644

A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack nee...

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

Prototype Pollution

Overview jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the value function. An attacker can modify the prototype of built-in objects by supplying crafted input...

CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

CVE-2025-61140

The CVE-2025-61140 entry concerns jsonpath version 1.1.1, where the value function in lib/index.js is vulnerable to Prototype Pollution. This is documented across multiple sources (GitHub advisory, OSV/NVD entries, and Red Hat advisories) and is categorized with a critical CVSS score. The vulnera...

JSONPath security vulnerabilities

JSONPath is a JSONPath engine developed by David Chester as an individual contributor. There is a security vulnerability in the 1.1.1 version of JSONPath, which stems from prototype pollution in the value function...

CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution...

CVE-2022-34029

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njsscopevalue at njsscope.h...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributevalue function due to improper sanitization of SVG animate attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into ...

SUSE CVE-2007-3726

Integer signedness error in the SETVALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service crash via a crafted RAR archive that causes a negative signed number to be cast to a large...

SUSE CVE-2015-8735

The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...

SUSE CVE-2021-39263

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

Cross-site Scripting (XSS)

silverstripe/versioned-admin is vulnerable to cross-site scripting.The vulnerability exists in the Value function of DiffField.php due to non-html fields in diff which allows an attacker to inject and execute malicious JavaScript via compare mode...

PT-2022-4871 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: Openwrt versions prior to 21.02.3 Openwrt version 22.03.0-rc6 Description: The issue is related to a buffer overflow vulnerability in the header value function, which allows attackers to access sensitive information via a crafted HTTP request...