CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

UBUNTU-CVE-2025-38249

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 In sndusbgetaudioformatuac3, the length value returned from sndusbctlmsg is used directly for memory allocation without validation. This length is controlled by...

kernel: udf: Fix a slab-out-of-bounds write bug in udf_find_entry()

In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udffindentry Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN:...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, is related to memory corruption. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DWG format files...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...

The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom; the software for modeling and analyzing 3D models in Autodesk Navisworks Simulate; and the software for analyzing, coordinating, and verifying 3D models and project data in Autodesk Navisworks Manage, allows a malicious actor to execute arbitrary code.

The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom, as well as the software for modeling, analyzing, and simulating 3D models in Autodesk Navisworks Simulate, and the software for analyzing, coordinating, and verifying 3D...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the execution of operations beyond the buffer boundaries in memory during the processing of DXF files. Exploiting this vulnerability allows an attacker to execu...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...

SUSE CVE-2025-6818

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5Ochunkprotect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may ...

jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...

SAP SAPCAR 安全漏洞

SAP SAPCAR is a utility program for compressing and/or decompressing SAP archive files from SAP, Germany. A security vulnerability exists in SAP SAPCAR that stems from the ability of an elevated privilege user to create malicious SAR archives that could result in elevated privileges...

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the ability to read data beyond the buffer in memory, allowing attackers to disclose protected information.

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the reading of data beyond the buffer boundaries in memory during file processing for U3D files. Exploiting this vulnerability can allow attackers to disclose protecte...

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in its ability to copy buffers without checking the size of the input data. This allows attackers to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality lies in the copying of buffers without checking the size of the input data when processing GIF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software, related to the occurrence of operations outside the buffer in memory, allows attackers to disclose protected information.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality is related to the occurrence of operations outside the buffer during the processing of PRC files. Exploiting this vulnerability can allow an attacker to disclose protected information...

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the ability to read data beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the reading of data beyond the buffer boundaries in memory during file processing for U3D files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software, related to the occurrence of operations outside the buffer in memory, allows attackers to disclose protected information.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality is related to the occurrence of operations outside the buffer during the processing of PRC files. Exploiting this vulnerability can allow an attacker to disclose protected information...

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the use of memory after it is freed, allowing an attacker to disclose protected information.

The vulnerability of PDF viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the use of memory after it is freed during file processing for U3D operations. Exploiting this vulnerability can allow attackers to disclose sensitive information that is...

ClamAV 0.99.4 < 1.0.9, 1.2.0 < 1.4.3 Multiple Vulnerabilities

According to its version, the ClamAV clamd antivirus daemon running on the remote host is 0.99.4 prior to 1.0.9, 1.2.0 prior to 1.4.3. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote...

Uncontrolled Recursion

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...