248 matches found
CVE-2025-7616 gmg137 snap7-rs Public API pthread_cond_destroy memory corruption
A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used...
PT-2025-29476 · Snap7-Rs · Snap7-Rs
Name of the Vulnerable Software and Affected Versions: snap7-rs versions up to 1.142.1. Description: A critical issue exists in snap7-rs related to memory corruption. The pthread_cond_destroy function within the Public API component is affected. The exploit for this issue has been publicly...
snap7-rs buffer error vulnerability
snap7-rs is a library for C++ by the individual developer gmg137. A buffer error vulnerability exists in snap7-rs 1.142.1 and earlier versions, which stems from memory corruption due to incorrect operation of the function pthread_cond_destroy in the component Public API...
anon-vec lacks sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::get_ref, AnonVec::get_mut, AnonVec::remove_get. The crate was built as a learning project and is not being maintained...
GHSA-WV8J-M3HX-924J Arrow2 allows out of bounds access in public safe API
Rows::row_unchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full...
CVE-2021-25760
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...
CVE-2019-8902
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI...
CVE-2025-4211
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPa...
scanner has a Public API without sufficient bounds checking
Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...
GHSA-79M9-55JC-P6MW scanner has a Public API without sufficient bounds checking
Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...
tanton_engine has unsound public API
The following functions in the tanton_engine crate are unsound due to lack of sufficient boundary checks in public API: Stack::offset, ThreadStack::get, RootMoveList::insert_score_depth, RootMoveList::insert_score. The tanton_engine crate is no longer maintained, so there are no plans to fix this...
RUSTSEC-2025-0039 Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::get_ref, AnonVec::get_mut, AnonVec::remove_get. The crate was built as a learning project and is not being maintained...
Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::get_ref, AnonVec::get_mut, AnonVec::remove_get. The crate was built as a learning project and is not being maintained...
PT-2025-20009 · Crates.Io · Tanton Engine
The following functions in the tanton_engine crate are unsound due to lack of sufficient boundary checks in public API: Stack::offset, ThreadStack::get, RootMoveList::insert_score_depth, RootMoveList::insert_score. The tanton_engine crate is no longer maintained, so there are no plans to...
[SECURITY] Fedora 40 Update: augeas-1.14.2-0.4.20250324git4dffa3d.fc40
A library for programmatically editing configuration files. Augeas parses configuration files into a tree structure, which it exposes through its public API. Changes made through the API are written back to the initially read files. The transformation works very hard to preserve comments and...
RUSTSEC-2025-0033 Public API without sufficient bounds checking
Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...
CVE-2024-9099
In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...
CVE-2024-12108
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API...
SUSE-SU-2025:20094-1 Security update for python-requests
This update for python-requests contains the following fixes: - Add patch to fix to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 - Remove Requires on python-py, it should have been removed earlier. - update to 2.32.3: Fixed bug breaking the ability to specify...