Linux Distros Unpatched Vulnerability : CVE-2022-24613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash...

Malicious code in k8s-image-extractor (npm)

The package k8s-image-extractor was found to contain malicious code...

Malicious code in string-template-extractor (npm)

The package string-template-extractor was found to contain malicious code...

MAL-2025-34097 Malicious code in string-template-extractor (npm)

The package string-template-extractor was found to contain malicious code...

MAL-2025-24148 Malicious code in k8s-image-extractor (npm)

The package k8s-image-extractor was found to contain malicious code...

curl: Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c

Summary: The hrefextractor.c example in the curl repository https://github.com/curl/curl/blob/master/docs/examples/hrefextractor.c references an external HTML parser library hosted at https://github.com/arjunc77/htmlstreamparser. The referenced GitHub username arjunc77 or repository...

Malicious code in plugin-meta-extractor (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8afae718387e4b2dfc69c8abec1fa53bf680355cc9e412cbeedfa77c47ac2f6b Any computer that has this package installed or running should be considered...

MAL-2025-5625 Malicious code in plugin-meta-extractor (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8afae718387e4b2dfc69c8abec1fa53bf680355cc9e412cbeedfa77c47ac2f6b Any computer that has this package installed or running should be considered...

PhishKey: a Novel Centroid-Based Approach for Enhanced Phishing Detection Using Adaptive HTML Component Extraction

Phishing attacks pose a significant cybersecurity threat, evolving rapidly to bypass detection mechanisms and exploit human vulnerabilities. This paper introduces PhishKey to address the challenges of adaptability, robustness, and efficiency. PhishKey is a novel phishing detection method using...

An Efficient Construction of Raz's Two-Source Randomness Extractor with Improved Parameters

Randomness extractors are algorithms that distill weak random sources into near-perfect random numbers. Two-source extractors enable this distillation process by combining two independent weak random sources. Raz's extractor STOC '05 was the first to achieve this in a setting where one source has...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 10.5.5 and prior 10.5.x, 9.11.15 and prior 9.11.x, 10.8.0 and prior 10.8.x, 10.7.2 and prior 10.7.x, and 10.6.5 and prior 10.6.x, which stems from an...

candid-extractor (>=0.1.0 <=0.1.2), debug-engine (>=0.1.0 <=0.1.1) +69 more potentially affected by unknown CVE via wasmtime-jit-debug (>=0.35.0 <=1.0.2)

wasmtime-jit-debug CARGO version =0.35.0, =0.1.0, =0.1.0, =0.1.3, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.0.6, =0.11.0, =0.9.0, =0.9.0, =0.9.0, =0.10.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9GHP-W2HM-VFPF...

CVE-2024-55504

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploitcombined.dylib component on MacOS...

CVE-2023-42721

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...

CVE-2022-25312

An XML external entity XXE injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's...

CVE-2021-0614

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528...

CVE-2021-0411

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362...

CVE-2021-0576

In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084...

CVE-2020-0321

In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155171907...

CVE-2020-0383

In Parseins of easmdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...