CVE-2020-0385
In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVE-2020-0303
In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-1482232...
Invisible Entropy: Towards Safe and Efficient Low-Entropy LLM Watermarking
Logit-based LLM watermarking traces and verifies AI-generated content by maintaining green and red token lists and increasing the likelihood of green tokens during generation. However, it fails in low-entropy scenarios, where predictable outputs make green token selection difficult without...
Exploit for Use After Free in Apple Ipados
iOS "Airborne" Vulnerabilities - Log Artifact Extractor This...
org.webjars.npm:class-validator (>=0.8.5 <=0.14.0), org.webjars.npm:image-thumbnail (=1.0.15) +8 more potentially affected by CVE-2025-56200 via org.webjars.npm:validator (>=10.11.0 <=9.2.0)
org.webjars.npm:validator MAVEN version =10.11.0, =0.8.5, =3.1.2, =3.18.2, =3.25.1 Source cves: CVE-2025-56200 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14102004...
DataEase 2.4.0 Information Disclosure
DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter ...
0xkobold (>=0.5.0 <=0.8.0), @0xdwong/html-to-markdown (>=1.0.0 <=1.0.1) +346 more potentially affected by CVE-2025-2792 via @mozilla/readability (>=0.3.0 <=0.5.0)
@mozilla/readability NPM version =0.3.0, =0.5.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.1.0, =0.1.5-alpha.0, =0.1.0, =1.7.0, =1.8.4 and more Source cves: CVE-2025-2792 Source advisory: OSV:GHSA-3P6V-HRG8-8QJ7...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the JsoupHtmlTextExtractor function. An attacker can cause unbounded memory consumption leading to a denial of service by sending crafted HTML content that triggers excessive memory allocation. Details: Denial o...
CVE-2024-55504
An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on macOS...
CVE-2024-55504
CVE-2024-55504 affects RAR Extractor - Unarchiver Free and Pro (v.6.4.0) on macOS, where the exploit_combined.dylib component enables local code injection that could lead to remote control and access to sensitive data. The issue is rooted in the dylib component and is reflected with a CVSSv3.1 ba...
Malicious code in api-extractor-lib1-test (npm)
Source: ghsa-malware adb0d44be0297f3bc8ce73518bf26326d7d8635516dd7e33c4b0d8f0e159054e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-160 Malicious code in api-extractor-lib1-test (npm)
Source: ghsa-malware adb0d44be0297f3bc8ce73518bf26326d7d8635516dd7e33c4b0d8f0e159054e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11331 isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting
The استخراج محصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to...
Malicious code in codeql-extractor-iac-action (npm)
Source: ghsa-malware a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10883 Malicious code in codeql-extractor-iac-action (npm)
Source: ghsa-malware a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...
SUSE CVE-2024-47877
Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
Malicious code in api-extractor-model (npm)