14 matches found

Cvelist
added 2026/05/29 8:24 a.m. | 32 views

CVE-2026-49197 Predator Connect W6x: Improper Authentication

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

CVSS 10 | EPSS 0.00054 | Exploits 0 | References 1
SUSE Linux
added 2026/05/06 12:10 p.m. | 3 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969)...

CVSS 9.1 | AI score 6.7 | EPSS 0.00137 | Exploits 1 | References 40
OSV
added 2026/04/16 11:50 p.m. | 5 views

BIT-PYTHON-MIN-2026-3446 Base64 decoding stops at first padded quad by default

When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use...

CVSS 6 | AI score 5.7 | EPSS 0.00029 | Exploits 0 | References 7
Snyk
added 2026/04/09 5:37 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing pre-allocation size checks in the base64 decoding process. An attacker can cause excessive memory allocation by providi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00051 | Exploits 0 | References 2
OSV
added 2026/01/19 9:30 a.m. | 4 views

GHSA-6VFR-P2HX-6V32 Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...

CVSS 6.5 | AI score 5.5 | EPSS 0.00055 | Exploits 0 | References 5
NVD
added 2026/01/19 9:16 a.m. | 1 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

CVSS 6.5 | EPSS 0.00055 | Exploits 0 | References 3
CVE
added 2025/10/06 7:32 p.m. | 8 views

CVE-2025-11346

The CVE concerns ILIAS up to versions 8.23/9.13/10.1 where the Base64 Decoding Handler’s unserialize function is exploitable by manipulating the f_settings argument, enabling deserialization and a remote attack. The issue’s root cause is improper handling of f_settings in the unserialize flow. Im...

CVSS 9.8 | AI score 6.7 | EPSS 0.00093 | Exploits 0 | References 5 | Affected Software 1
Positive Technologies
added 2025/10/06 12:0 a.m. | 4 views

PT-2025-40943

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 8.24; ILIAS versions prior to 9.14; ILIAS versions prior to 10.2. Description: A flaw exists in ILIAS related to the unserialize function within the Base64 Decoding Handler component. Manipulation of the f_settings argument...

CVSS 6.5 | AI score 6.4 | EPSS 0.00093 | Exploits 0 | References 7
OSV
added 2024/08/22 4:15 p.m. | 0 views

UBUNTU-CVE-2024-45192

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 5.3 | AI score 5.8 | EPSS 0.00264 | Exploits 1 | References 6
FreeBSD
added 2023/08/17 12:0 a.m. | 2 views

www/varnish-libvmod-digest -- base64 decoding vulnerability

varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case it may be possible for an attacker to circumvent the authentication check. If the decoded result string is somehow being made visible to the attacker for example the result of the decoding is...

CVSS 6.5 | AI score 6.5 | EPSS 0.00198 | Exploits 0 | References 1
OSV
added 2022/08/22 3:15 p.m. | 1 views

CVE-2022-37134

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tpusrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tpusrname, resulting in stack overflow...

CVSS 9.8 | AI score 5.9 | Exploits 0 | References 2
OSV
added 2017/04/27 4:47 p.m. | 2 views

USN-3270-1 nss vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

CVSS 9.8 | AI score 7 | EPSS 0.40993 | Exploits 7 | References 3
RedHat Linux
added 2017/04/20 2:37 a.m. | 2 views

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

CVSS 9.8 | AI score 7.5 | EPSS 0.00608 | Exploits 0 | References 5
RedHat Linux
added 2010/11/16 5:32 p.m. | 4 views

(libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM,...

CVSS 4 | AI score 5.8 | EPSS 0.01366 | Exploits 1 | References 4