CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the NoCloseOutputStream process. An attacker can cause the application to enter an infinite loop and exhaust system resources by sending specially crafted input to the affected stream writer. Remediation A fix was push...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5FSsectlinksize function. An attacker can cause a crash or denial of service by providing specially crafted input that triggers a heap-based buffer overflow. Remediation A fix was pushed into the mast...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5Ofsinfoencode function. An attacker can cause a crash or disrupt service by providing specially crafted input that triggers a heap-based buffer overflow. Remediation A fix was pushed into the master...

CVE-2022-20673 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...

PYSEC-2021-696

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

PT-2022-8865 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX affected versions not specified Description: A floating point exception issue was discovered in the PackLinuxElf64::invert pt dynamic function of the p lx elf.cpp file. An attacker with a crafted input file could trigger this issue, causi...

USN-3974-1 VCFtools vulnerabilities

It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. CVE-2018-11099, CVE-2018-11129, CVE-2018-11130...

CVE-2018-20152

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

glibc: command execution in wordexp() with WRDE_NOCMD specified

It was found that the wordexp function would perform command substitution even when the WRDENOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...