VulnCheck KEV: CVE-2025-44137

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web...

K000157990: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based...

Suricata 安全漏洞

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.13 and prior to 8.0.2, which stems from a stack overflow when SWF decompression is enabled, potentially resulting in a crash...

CVE-2025-59820

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kistgaimport.cpp aka KisTgaImport. Control flow proceeds even when a number of pixels becomes negative...

JLSEC-2025-289 processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow ...

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...

JLSEC-2025-275 A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0

A stack overflow was discovered in the TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities...

JLSEC-2025-272 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

JLSEC-2025-306 loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a craft...

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

JLSEC-2025-255 A flaw was found in libtiff

A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a crafted TIFF file can lead to an abort, resulting in denial of service...

JLSEC-2025-258 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's T...

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

JLSEC-2025-244 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar i...

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...

JLSEC-2025-240 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b...

executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security

Polymorphic malware continually alters its structure to evade signature-based defences, challenging both commercial antivirus AV and enterprise detection systems. This study introduces a reproducible framework for analysing eight polymorphic behaviours-junk code insertion, control-flow obfuscatio...

CVE-2025-63729

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...

Beyond JSON: Converting Spring AI Tool Response Formats to TOON, XML, CSV, YAML, ...

JSON is the go-to format for LLM tool responses, but recent discussions around alternative formats like TOON Token-Oriented Object Notation claim potential benefits in token efficiency and performance. While the debate continues—with critical analyses pointing to context-dependent results—the...

CVE-2025-64720

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A stack-based buffer overflow vulnerability exists in the ILBM file parsing functionality of GIMP. When processing a specially crafted ILBM image file, improper validation of user-supplied data length before copying to a stack buffer can lead to memory corruption. Successful exploitation allows a...

[SECURITY] Fedora 43 Update: calibre-8.14.0-1.fc43

Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...

Revive Adserver Format Character Neutralization Malpractice Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

CVE-2025-11803

The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the wpsitey shortcode and the 'before' attribute in the wpsitepostauthor shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitizati...