
813 matches found

NVD
added 2025/07/30 12:15 a.m. · 2 views

CVE-2025-31280

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption...

CVSS 7.8 · EPSS 0.00117
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/30 12:0 a.m. · 2 views

PT-2025-31453 · Unknown · Simple Car Rental System

Name of the Vulnerable Software and Affected Versions: Simple Car Rental System version 1.0 Description: A problematic issue has been found in the processing of the /admin/add vehicles.php file. Manipulation of the car name argument can lead to cross site scripting. The attack can be initiated...

CVSS 5.4 · AI score 3.7 · EPSS 0.00152
Exploits: 1 · References: 9

Vulnrichment
added 2025/07/29 11:29 p.m. · 1 view

CVE-2025-43277

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8. Processing a maliciously crafted audio file may lead to memory corruption...

AI score 5.7 · EPSS 0.00136
Exploits: 0 · References: 1

OSV
added 2025/07/28 7:57 p.m. · 0 views

GO-2025-3811 File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser

File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser...

CVSS 8.7 · AI score 6.1 · EPSS 0.00907
Exploits: 1 · References: 3

CVE
added 2025/07/25 9:32 p.m. · 12 views

CVE-2025-8171

The connected records provide concrete details for CVE-2025-8171 in code-projects Document Management System 1.0. The issue resides in the /insert.php endpoint where manipulation of the uploaded_file argument leads to unrestricted file uploads, enabling remote initiation of an attack. Multiple so...

CVSS 6.5 · AI score 6.4 · EPSS 0.00172
Exploits: 0 · References: 5 · Affected Software: 1

CloudLinux
added 2025/07/24 5:24 p.m. · 5 views

libxml2: Fix of 2 CVEs

CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file...

CVSS 9.1 · AI score 7 · EPSS 0.01777
Exploits: 0

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-31823 · Gnu +1 · Gpac +1

The vulnerability in the m2tsdmx send packet function of the MP4Box utility of the GPAC multimedia platform is caused by a heap buffer overflow when processing TS files. Exploitation of the vulnerability may allow an attacker to execute arbitrary code when a specially crafted file is opened...

CVSS 7.2 · AI score 7.3
Exploits: 0 · References: 4

OSV
added 2025/07/16 2:22 p.m. · 3 views

GHSA-7XQM-7738-642X File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary: A Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name. While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

CVSS 8.7 · AI score 6.1 · EPSS 0.00907
Exploits: 1 · References: 4

Github Security Blog
added 2025/07/16 2:22 p.m. · 6 views

File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary: A Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name. While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

CVSS 8.7 · AI score 6.2 · EPSS 0.00907
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2025/07/15 5:47 p.m. · 18 views

CVE-2025-53893

CVE-2025-53893 affects the filebrowser/filebrowser 2.38.0 DoS vulnerability where the server loads entire file content into memory during reads (e.g., /files/{file-name} or /api/resources/{file-name}) without size checks, enabling an authenticated user to trigger memory exhaustion and potentially...

CVSS 8.7 · AI score 6.3 · EPSS 0.00907
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/07/11 12:0 a.m. · 5 views

Cockpit < 2.11.4 XSS

The version of Cockpit running on the remote web server is prior to 2.11.4. A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site...

CVSS 6.1 · AI score 4.1 · EPSS 0.00203
Exploits: 1 · References: 2

Vulnrichment
added 2025/07/07 9:54 a.m. · 2 views

CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each othe...

CVSS 5.3 · AI score 7 · EPSS 0.00231
Exploits: 1 · References: 2

Cvelist
added 2025/07/04 2:2 a.m. · 5 views

CVE-2025-7053 Cockpit save cross site scripting

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version...

CVSS 5.1 · EPSS 0.00203
Exploits: 1 · References: 5

RedhatCVE
added 2025/07/01 10:18 a.m. · 5 views

CVE-2025-6855

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

CVSS 5.5 · AI score 5.5 · EPSS 0.00689
Exploits: 1 · References: 1

Positive Technologies
added 2025/06/29 12:0 a.m. · 3 views

PT-2025-27356 · Unknown · Langchain-Chatchat

Name of the Vulnerable Software and Affected Versions: chatchat-space Langchain-Chatchat versions up to 0.3.1 Description: A critical issue has been found in the processing of the file "/v1/file". The manipulation of the flag argument leads to path traversal. The exploit has been disclosed to the...

CVSS 5.5 · AI score 6.9 · EPSS 0.00689
Exploits: 1 · References: 8

Cvelist
added 2025/06/18 4:20 p.m. · 4 views

CVE-2025-20234 ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

CVSS 5.3 · EPSS 0.00846
Exploits: 0 · References: 2

OSV
added 2025/06/17 3:15 p.m. · 0 views

UBUNTU-CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...

CVSS 5.5 · AI score 5.8 · EPSS 0.00071
Exploits: 1 · References: 5

NVD
added 2025/06/12 2:15 a.m. · 6 views

CVE-2025-6006

A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. T...

CVSS 7.2 · EPSS 0.00261
Exploits: 1 · References: 6

CVE
added 2025/06/09 4:0 p.m. · 44 views

CVE-2025-5886

CVE-2025-5886 affects Emlog up to version 2.5.7. The issue is a cross-site scripting vulnerability arising from manipulating the active_post argument in /admin/article.php, with remote initiation and a publicly disclosed exploit. Connected sources confirm the vulnerability existence and the affec...

CVSS 5.1 · AI score 6.5 · EPSS 0.00199
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2025/06/06 7:15 p.m. · 7 views

CVE-2025-5797

A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/inserttype.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 5.4 · EPSS 0.00157
Exploits: 1 · References: 5