[ASA-202505-12] go: directory traversal
A local attacker or untrusted component running within a Go application could bypass directory confinement by accessing the parent directory of a restricted os.DirFS root using a "../" path.
A remote attacker that is able to load a specially crafted font file is able to execute arbitrary code on the affected host.
A remote attacker can exploit inefficient HTML tag parsing in Django’s strip_tags() function to cause excessive CPU usage, leading to a denial of service. This may affect applications that use the striptags template filter to sanitize user-controlled input, making them vulnerable to slowdown or unresponsiveness when handling specially crafted HTML content.
A remote attacker can craft a malicious hostname to execute arbitrary commands on a system using dbclient if the hostname is passed without proper sanitization.
A remote attacker can exploit multiple vulnerabilities in Node.js to cause a denial of service or bypass access restrictions. Improper error handling and memory management flaws may crash the process or lead to unbounded memory usage, while an HTTP parsing inconsistency in Node.js 20.x can enable request smuggling, allowing attackers to evade proxy-based access controls and submit unauthorized requests.
A remote attacker can exploit improper error handling and memory management flaws in Node.js to crash the process or exhaust system resources, leading to a denial of service. Specifically, malformed input may trigger a crash in asynchronous cryptographic operations, while repeated use of file system APIs with crafted input may cause unbounded memory growth.
A remote attacker can exploit improper error handling in Node.js’s asynchronous cryptographic operations to crash the process, leading to a denial of service.
A remote attacker could craft malicious web content that exploits use-after-free vulnerabilities in WPE WebKit, potentially leading to arbitrary code execution. This can compromise the confidentiality, integrity, and availability of affected systems, especially those rendering untrusted web content through WPE WebKit.