Lucene search
K

32 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS0.00112EPSS
Exploits0References8
CVE
CVE
added 2 days ago12 views

CVE-2026-13523

GPAC (up to 26.02.0) is affected in the ISOBMFF Parser component, specifically the file src/utils/base_encoding.c. A manipulation can lead to data amplification, with local access required. The issue has a publicly available exploit and a remediation patch has been released. Vendor-provided fix a...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References8
OSV
OSV
added 4 days ago3 views

MAL-2026-6544 Malicious code in chai-as-persisted (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...

6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/10 3:31 p.m.7 views

Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2026/05/04 12:47 a.m.30 views

CVE-2026-42369 GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...

10CVSS0.00514EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:34 p.m.5 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the webchat audio embedding process. An attacker can access and exfiltrate arbitrary local audio-like files readable by the gateway process by influencing the...

6.3CVSS6.3AI score0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:28 p.m.3 views

CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

2.1CVSS5.8AI score0.00229EPSS
Exploits1References5
OSV
OSV
added 2026/04/16 1:10 p.m.7 views

OPENSUSE-SU-2026:20554-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.0079EPSS
Exploits6References20
Tenable Nessus
Tenable Nessus
added 2026/04/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more...

6CVSS5.8AI score0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 6:17 p.m.31 views

CVE-2026-3446

CVE-2026-3446 affects Python’s base64 decoding (base64.b64decode and related functions). The root cause is that the decoder stops after the first padded quad, potentially leaving additional data unprocessed. This can cause data to be accepted and then processed differently by other implementation...

6CVSS5.7AI score0.00188EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26609

Name of the Vulnerable Software and Affected Versions versions prior to 2026-31381 Description An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL. The vulnerability involves the exposure of Personally Identifiable...

6.1CVSS6AI score0.00303EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/03/12 9:4 a.m.4 views

freerdp: FreeRDP global-buffer-overflow

A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...

9.1CVSS5.9AI score0.00599EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/10 6:41 p.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 7:17 a.m.2 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decodebase64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5CVSS5.1AI score
Exploits0References7
OSV
OSV
added 2026/02/16 2:25 p.m.2 views

SUSE-SU-2026:20446-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

5.4CVSS6AI score0.00396EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.27 views

CVE-2019-25340 SpotAuditor 5.3.2 - 'Base64' Denial Of Service

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS0.00422EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/07 4:10 p.m.22 views

CVE-2026-22543 WEEK ENCODING FOR PASSWORDS

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS0.00176EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 6:15 p.m.4 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

6.5CVSS6.5AI score
Exploits0References1
OSV
OSV
added 2025/10/22 9:23 p.m.4 views

CVE-2025-62705 OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

5.7CVSS6.7AI score0.00299EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26385

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.01514EPSS
Exploits1References3
Rows per page
Query Builder