235 matches found
Regular Expression Denial of Service (ReDoS)
Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the t.String process when handling URL formats. An attacker can cause significant performance degradation and service unavailability by submitting...
QuickJS 安全漏洞
QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. The QuickJS 2025-09-13 version contains a security vulnerability. This vulnerability stems from a garbage collection internal assertion failure when processing specially crafted JavaScript inputs,...
CVE-2026-27691
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...
CVE-2026-27691
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds in the vipsforeignloadmatrixheader function. An attacker can cause memory corruption by providing specially crafted input files to the affected process. Remediation A fix was pushed into the master branch but not yet...
Oneflow security vulnerabilities
OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a type validation flaw in the flow.dstack component, which may allow for denial-of-service attacks through specially crafted inputs...
Astra Linux – Vulnerability in Python 3.11
The html.parser.HTMLParser class has worst-case quadratic complexity when processing certain malformed inputs, which could potentially lead to a heightened denial-of-service attack...
CVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...
CVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...
CVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...
CVE-2025-14027
CVE-2025-14027 affects Rockwell Automation 1756-RM2 and 1756-RM2XT firmware in ControlLogix Redundancy Enhanced Modules. The issue is described as multiple denial-of-service vulnerabilities triggered by crafted inputs (including malformed Class 3 messages, memory leak conditions, and other resour...
PT-2026-3560
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Multiple denial-of-service issues exist that can be triggered through crafted inputs, including malformed Class 3 messages, memory leak conditions, and resource exhaustion scenarios. Exploitation may cause the...
Rockwell Automation ControlLogix Redundancy Enhanced Module security vulnerabilities
Rockwell Automation ControlLogix Redundancy Enhanced Module is a core hardware component of Rockwell Automation. There is a security vulnerability present in the Rockwell Automation ControlLogix Redundancy Enhanced Module, which stems from processing specially crafted inputs. This vulnerability m...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...
PT-2026-1644
Veeam Backup & Replication and Affected Versions Veeam Backup & Replication versions 13.0.1.180 and earlier Description A critical remote code execution RCE vulnerability exists in Veeam Backup & Replication software. This flaw, tracked as CVE-2025-59470, has a CVSS score of 9.0 and allows a user...
Improper Input Validation
sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...
Improper Input Validation
cipher-base is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to alter processing behavior...
EUVD-2025-201886
Robocode vulnerable to Directory Traversal in recursivelyDelete Method...
UBUNTU-CVE-2025-14308
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...