105 matches found
SAIL Image Decoding Library WebP Image Decoding integer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2224 SAIL Image Decoding Library WebP Image Decoding integer overflow vulnerability August 25, 2025 CVE Number CVE-2025-52456 SUMMARY A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8...
SAIL Image Decoding Library BMPv3 Image Decoding integer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2216 SAIL Image Decoding Library BMPv3 Image Decoding integer overflow vulnerability August 25, 2025 CVE Number CVE-2025-32468 SUMMARY A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8...
MAL-2025-38996 Malicious code in webdriver-mocha-eslint-library-version (npm)
The package webdriver-mocha-eslint-library-version was found to contain malicious code...
Malicious code in webdriver-mocha-eslint-library-version (npm)
The package webdriver-mocha-eslint-library-version was found to contain malicious code...
CVE-2020-11209
Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...
CVE-2025-47949 samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
The path shortening function is used in pnpm: export function depPathToFilename depPath: string, maxLengthWithoutHash: number: string let filename = depPathToFilenameUnescapeddepPath.replace/\/:?"|/g, '+' if filename.includes'' filename = filename .replace/$/, '' .replace/\||/g, '' if...
UBUNTU-CVE-2025-31672
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
Malicious code in internallib_v590 (npm)
Source: ghsa-malware ec78d3b6f3c622365e71936c4fd09e3057a62055d7b0474ce38ea3b6560b36e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-26877
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30...
CVE-2023-42228
Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285). CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292). CVE-2024-52532: Fixed infinite...
CVE-2024-51577
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS. This issue affects bpmn.Io: from n/a through 1.0...
CVE-2024-50492
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection. This issue affects ScottCart: from n/a through 1.1...
CVE-2024-43684
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0...
CVE-2024-31179
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TableFeaturePropInstruction::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-31172
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::StatsReplyTable::unpack. This issue affects libfluid: 0.1.0...
CVE-2024-37957
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bradmax Bradmax Player allows Stored XSS. This issue affects Bradmax Player: from n/a through 1.1.27...
SUSE CVE-2024-31510
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component...
HDF Group HDF5 security vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...