gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow in GIMP’s X Window Dump XWD file parser allows an attacker to craft a malicious XWD file or a web page that triggers opening one that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

CVE-2022-27177

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2...

CVE-2019-7712

An issue was discovered in handleripcomshellpwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf without a proper check. An attacker may thus forge a path containin...

CVE-2019-12903

Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information...

CVE-2019-12297

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080...

RLSA-2026:0130 Moderate: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler CVE-2025-32365 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

binary-exploitation-labs

Binary Exploitation Labs This repository is my long-term pu...

SUSE CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

SUSE CVE-2025-15274

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

SUSE CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

PT-2026-2164

Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16 Description Panda3D’s egg-mkfont utility contains an uncontrolled format string issue. The -gp command-line option is directly used as the format string for the sprintf function with a single...

CVE-2025-66837

CVE-2025-66837 concerns ARIS 10.0.23.0.3587512, where a file upload vulnerability in the upload handling could allow an attacker to execute arbitrary code by submitting a crafted PDF file containing malware. The NVD entry lists a CVSSv3.1 base score of 6.8 (Medium) with network attack vector, hig...

Exploit for Off-by-one Error in Sudo_Project Sudo

ExploitForge - AI-Powered Automatic Exploit Generation !Pyt...

CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

ALSA-2026:0126 Moderate: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler CVE-2025-32365 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

XML External Entity (XXE) Injection

Overview org.apache.sis.core:sis-metadata is an Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Affected versions of this package are...

CLSA-2026-1767617469 binutils: Fix of CVE-2025-11083

CVE-2025-11083: fix corrupt ELF section header handling...

CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...