206 matches found
CVE-2025-4203 wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...
PT-2025-43725
Name of the Vulnerable Software and Affected Versions wpForo Forum versions prior to 2.4.9 Description The wpForo Forum plugin for WordPress is susceptible to error-based or time-based SQL Injection through the get members function. This is due to a lack of integer validation on the offset and ro...
CLSA-2025-1760987651 python3: Fix of CVE-2025-8194
Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative...
BIT-PYTHON-MIN-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
BIT-LIBPYTHON-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
SUSE CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
DEBIAN-CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
UBUNTU-CVE-2025-8291
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
Improper Handling of Length Parameter Inconsistency
Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the zipfile module when the End of Central Directory EOCD Locator record offset is not properly validated. An attacker can modify a crafted ZIP archive to cause incorrect file...
CVE-2025-8291
CVE-2025-8291 affects the Python standard library's zipfile handling. The Zip64 End of Central Directory (EOCD) Locator offset was not validated to match the expected value, causing the zipfile module to treat the EOCD record as the previous entry in the archive, leading to inconsistent handling ...
CVE-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
CVE-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...
EUVD-2018-6260
Malware in sbrugna...
EUVD-2006-0153
Malware in sbrugna...
EUVD-2017-4650
Malware in sbrugna...
EUVD-2021-17236
Malware in sbrugna...
PT-2025-41152
Name of the Vulnerable Software and Affected Versions Python versions prior to 2.3 Description The 'zipfile' module does not validate the ZIP64 End of Central Directory EOCD Locator record offset value, leading to potential discrepancies in how ZIP archives are handled compared to other ZIP...
ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
...
CVE-2025-39943 ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdatatransfer If dataoffset and datalength of smbdirectdatatransfer struct are invalid, out of bounds issue could happen. This patch validate dataoffset and...
SUSE CVE-2025-38715
In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfsbnoderead This patch introduces isbnodeoffsetvalid method that checks the requested offset value. Also, it introduces checkandcorrectrequestedlength method that checks and correct the requested...