566 matches found
hdf5: HDF5 heap-based overflow
A vulnerability was found in the H5Creconstructcacheentry function of the H5Cimage.c file in HDF5. Input manipulation can occur, which leads to a heap-based buffer overflow. Exploitation of this vulnerability requires local system access...
CVE-2025-66496
CVE-2025-66496 is a memory corruption issue in Foxit PDF Reader’s 3D annotation handling due to insufficient bounds checking when parsing PRC data, leading to out-of-bounds access. The connected advisory notes Foxit fixed multiple vulnerabilities in Foxit PDF Reader, including memory corruption a...
PT-2025-52424
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
PT-2025-52390
Name of the Vulnerable Software and Affected Versions NSF Unidata NetCDF-C affected versions not specified Description A remote code execution issue exists in NSF Unidata NetCDF-C due to an integer overflow in the handling of NC Variables. This allows for potential code execution. Recommendations...
EUVD-2025-203473
Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...
CVE-2025-14542
The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...
CVE-2025-65296
CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...
DEBIAN-CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...
MAL-2025-184575 Malicious code in odasv-kinu-bobac (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8344e78f61193872306260e62e6648fabc0b82ca4615dd652d88424e0595c75f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ocha-semur94-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e1214fb3558730b5088b5d558b262398dc4a9fbcdbc1f5bbc93d26e66a2b65c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-85618 Malicious code in fitri-lupis6-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5296ac4596ca6cf80273e93cbc6b28523959939e18ad51877f5216e66d252d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
GO-2025-4071 Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault...
Wireshark 4.4.x < 4.4.9 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.9 advisory. - SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 - Column handling crashes...
GitLab 11.7 < 18.3.5 / 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-11974)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...
CVE-2025-62397
CVE-2025-62397 describes a router-side issue where responses to invalid course IDs are inconsistent, enabling an attacker to infer which course IDs exist (information disclosure for reconnaissance). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network access with low confi...
Hikvision CSMP iSecure Center 安全漏洞
Hikvision CSMP iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision CSMP iSecure Center version 2024-08-01 and earlier, which stems from unverified execution of the $ command in JSON data, which could lead to the execution...
EUVD-2018-0616
Malware in sbrugna...
EUVD-2017-2863
Malware in sbrugna...
EUVD-2009-2840
Malware in sbrugna...
EUVD-2017-12088
Malware in sbrugna...