DEBIAN-CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-64736

The CVE-2025-64736 entry documents an out-of-bounds read in The Biosig Project libbiosig 3.9.2 and the Master Branch (commit 5462afb0) during ABF file parsing. A specially crafted .abf file can trigger an information leak, with an attacker able to supply the malicious file to exploit the vulnerab...

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

CVE-2026-22891

CVE-2026-22891 describes a heap-based buffer overflow in the Intan CLP parsing functionality of the Biosig Project’s libbiosig 3.9.2 and its Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution, with an attacker able to provide a malicious file to trig...

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. CVE-2026-24677: heap-buffer-overflow in...

SUSE-SU-2026:0763-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. - CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. - CVE-2026-24677:...

SUSE CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

SUSE CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

PT-2026-22739

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005596 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are...

The Biosig Project libbiosig ABF parsing out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2025-2323 The Biosig Project libbiosig ABF parsing out-of-bounds read vulnerability March 3, 2026 CVE Number CVE-2025-64736 SUMMARY An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch...

OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

Directory Traversal

Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the fileformat parameter in the savereport tool. An...

GHSA-VMWQ-8G8C-JM79 OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Protocol Buffers vulnerability (USN-8063-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8063-1 advisory. It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict function is being...

PT-2026-23001

Name of the Vulnerable Software and Affected Versions OpenChatBI versions prior to 0.2.2 Description OpenChatBI is a chat-based BI tool that allows users to query and analyze data using natural language. The save report tool within the openchatbi/tool/save report.py component is susceptible to a...

Greenshot < 1.3.311 OS Command Injection (GHSA-7hvw-q8q5-gpmj)

The Greenshot installation on the remote Windows host is prior to 1.3.311. It is, therefore, affected by a command injection vulnerability: - The FormatArguments method in ExternalCommandDestination.cs uses string.Format to insert user-controlled filenames directly into shell commands without...

Fedora 43 : libmaxminddb (2026-814a1deec8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-814a1deec8 advisory. libmaxminddb 1.13.1 - Re-release for Ubuntu PPA, no code changes. libmaxminddb 1.13.0 - MMDBgetentrydatalist now validates that the claimed array/map size is...