A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
protobufjs: Memory amplification from preserved unknown fields in binary decode
aiohttp: Incomplete websocket frame payloads bypass memory limits
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
aiohttp: CRLF injection in multipart headers
React Router: Potential CSRF via PUT/PATCH/DELETE document requests
Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content
DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks
DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocatio...