urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it...
PT-2026-4769
Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions 2025 through 2026. Description: A heap-based buffer overflow exists in the EPRT file reading procedure of SOLIDWORKS eDrawings. This issue could allow an attacker to execute arbitrary code by opening a specially...
PT-2026-4814
Name of the Vulnerable Software and Affected Versions: Live Helper Chat versions prior to 4.72. Description: A stored Cross-Site Scripting (XSS) issue exists in the PDF file upload functionality. An attacker can upload a malicious PDF file containing an XSS payload. When a user downloads and opens the...
openSUSE 16 Security Update : gimp (openSUSE-SU-2026:20100-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20100-1 advisory. Changes in gimp: - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow bsc1255293 - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffe...
POC-Generator-Burp_Suite_Extension
🎯 POC Generator - Burp Suite Extension From vulnerability...
protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...
CVE-2026-0994
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
OESA-2026-1223 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in...
OESA-2026-1222 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in...
Denial-of-service (DoS)
pypdf is vulnerable to denial-of-service (DoS). The vulnerability is due to improper handling of PDFs missing the /Root object with a large /Size value in non-strict parsing mode, which allows an attacker to craft an invalid PDF that triggers excessively long runtimes...
[SECURITY] Fedora 43 Update: ghostscript-10.05.1-6.fc43
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...
PT-2026-4512
Name of the Vulnerable Software and Affected Versions: PDF Complete Corporate Edition version 4.1.45. Description: The software contains an unquoted service path issue in the pdfcDispatcher service. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging t...
XSS-cheat-sheet-txt-dictionary-by-PortSwigger
XSS cheat sheet dictionary by PortSwigger PortSwigger diction...
CVE-2025-66960
A flaw was found in ollama. A remote attacker can exploit this vulnerability by providing untrusted GGUF (GGML Unified Format) metadata with a specially crafted string length. This can cause the readGGUFV1String function to improperly process the input, leading to a denial of service, which makes t...
CVE-2025-14295
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...
[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
PT-2026-3931
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format whi...
i-Vu and Carrier Automated Logic WebCTRL security vulnerabilities
Carrier i-Vu and Carrier Automated Logic WebCTRL are both products of the American company Carrier. Carrier i-Vu is a building management system platform. Carrier Automated Logic WebCTRL is a building automation system. There are security vulnerabilities in versions 6.0 to 9.0 of Carrier i-Vu and...