120933 matches found
EUVD-2025-206619
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...
CVE-2025-65081
CVE-2025-65081 affects Lexmark devices with a Postscript interpreter. A heap-based buffer overrun in the Postscript interpreter’s execuserobject function can allow a network-adjacent attacker to execute arbitrary code without authentication on affected installations (Lexmark CX532adwe noted in ZD...
CVE-2025-65081
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...
GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
CVE-2025-65080 Type confusion vulnerability in Postscript interpreter
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...
CVE-2025-65080
CVE-2025-65080 describes a type-confusion vulnerability in the PostScript interpreter used by Lexmark devices. The flaw enables arbitrary code execution in the context of an unprivileged user and is exploitable by network-adjacent attackers (no authentication required) per ZDI details. Affected s...
EUVD-2025-206662
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user...
CVE-2025-62404
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...
CVE-2025-61944 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...
CVE-2025-59487 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine...
EUVD-2025-206686
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This iss...
CVE-2026-25502
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml function when processing malformed ICC profiles, allows potential arbitrary code execution...
GHSA-FJM6-8XP2-4FWC Boltz contains an insecure deserialization vulnerability in its molecule loading functionality
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
Deserialization of Untrusted Data
Overview boltz is a Boltz Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mol.py file. An attacker with the ability to place a malicious pickle file in a directory can execute arbitrary code without validation. Details Serialization is a process of...
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2025-67189
A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. ...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2026-1312
A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...
CVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...