911 matches found
GHSA-VM2F-46XC-5JC3 AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...
CVE-2025-57697
AstrBot Project v3.5.22 contains an arbitrary file read vulnerability in the _encode_image_bs64 function (entities.py), where the function opens a user-provided image path and returns its content base64-encoded without validating the path. This path-traversal/unsafe file read leads to potential s...
CLSA-2025-1762338135 apr: Fix of CVE-2022-24963
CVE-2022-24963: Fix integer overflow in apr_encode functions that could lead to out-of-bounds write...
EUVD-2023-60054
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...
OSV-2025-855 Use-of-uninitialized-value in AlphaReplace_SSE2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454314139 Crash type: Use-of-uninitialized-value Crash state: AlphaReplace_SSE2 WebPReplaceTransparentPixels WebPEncode...
CVE-2025-62374
Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Summary: Prototype pollution capabilities on various APIs. Details: Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass -...
Linux Distros Unpatched Vulnerability : CVE-2022-3965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the...
Linux Distros Unpatched Vulnerability : CVE-2023-53554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The exc->key_len is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could...
EUVD-2009-1334
Malware in sbrugna...
EUVD-2016-9462
Malware in sbrugna...
SUSE CVE-2023-53554
In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption...
CVE-2023-53554
In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption...
UBUNTU-CVE-2023-53554
In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption...
CVE-2023-53554 staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption...
PT-2025-40696
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the ks7010 driver. Specifically, a potential buffer overflow can occur within the ks_wlan_set_encode_ext function. The issue arises because t...
EUVD-2025-31927
Malicious code in bioql PyPI...
EUVD-2025-31341
Malicious code in bioql PyPI...
EUVD-2025-24132
Malicious code in bioql PyPI...