CVE-2026-11853
CVE-2026-11853 affects Debusine. The vulnerability arises in the parser for Debian source packages (.dsc) and upload artifacts (.changes), where it accepts arbitrary fully user-controlled paths. The mergeuploads task could be exploited to create arbitrary symbolic links on a worker, overwriting a...
EUVD-2026-29435
A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2025-12659
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
CVE-2026-21322
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2026-21345
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2026-22780
A flaw was found in Rizin, a UNIX-like reverse engineering framework. This heap overflow vulnerability can be exploited when a user parses a malicious mach0 file that contains specially crafted entries for the dynamic linker dyld chained segments. Successful exploitation could allow a remote...
CVE-2025-62608 MLX has heap-buffer-overflow in load()
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...
Rockwell Automation Arena security vulnerability
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...
libvirt security vulnerability
libvirt is an open source API for implementing Linux virtualization features. It supports a variety of hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A security vulnerability exists in libvirt that stems...
PT-2025-44829
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8.2; macOS versions prior to Sequoia 15.7.2. Description: An out-of-bounds write issue exists due to insufficient input validation. Parsing a file may lead to unexpected application termination. Recommendations...
Ashlar-Vellum Cobalt security vulnerability
Ashlar-Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar-Vellum. A security vulnerability exists in Ashlar-Vellum Cobalt that stems from a failure to properly validate the length of user-supplied data when parsing CO files, which could lead to remote cod...
CVE-2025-61806 Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
EUVD-2009-5124
Malware in sbrugna...
EUVD-2025-28449
Malicious code in bioql PyPI...
Ashlar-Vellum Cobalt Out-of-Bounds Read Vulnerability (CNVD-2025-22912)
Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. Ashlar-Vellum Cobalt suffers from an out-of-bounds read...
CVE-2024-54568
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination...
MJM Player security vulnerability
MJM Player is an audio player from the Australian company MJM. A security vulnerability exists in MJM Player version 2010 that originates from a stack-based buffer overflow when parsing .s3m files, which could lead to the execution of arbitrary code...
Security vulnerability in multiple Autodesk products
Autodesk Advance Steel and others are products of Autodesk, Inc. of the U.S. Autodesk Advance Steel is a suite of 3D modeling software for structural analysis of steel reinforcement. Autodesk AutoCAD is a suite of professional 3D drafting software. Autodesk Civil 3D is a suite of building informati...