Common Vulnerabilities and Exposures (CVE)

CVE-2024-1648

Dec 3, 2025 20:19:12 UTC

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

CVE-2025-64527

Dec 3, 2025 20:18:19 UTC

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tok...

CVE-2023-4316

Dec 3, 2025 20:17:51 UTC

Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails.

CVE-2023-0842

Dec 3, 2025 20:14:55 UTC

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

CVE-2023-0835

Dec 3, 2025 20:12:39 UTC

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.

CVE-2022-43984

Dec 3, 2025 20:10:14 UTC

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html...

CVE-2022-41713

Dec 3, 2025 20:08:02 UTC

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edit...

CVE-2022-41706

Dec 3, 2025 20:06:46 UTC

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.

CVE-2018-16228

Dec 3, 2025 20:05:56 UTC

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

CVE-2022-43983

Dec 3, 2025 20:05:20 UTC

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's ...

CVE-2025-50361

Dec 3, 2025 20:05:18 UTC

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.

CVE-2025-64763

Dec 3, 2025 20:02:40 UTC

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forward...

CVE-2022-42743

Dec 3, 2025 20:01:04 UTC

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be ...

CVE-2022-41714

Dec 3, 2025 19:58:57 UTC

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to b...

CVE-2025-50360

Dec 3, 2025 19:54:53 UTC

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.