CVE-2025-6208

The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...

CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index

The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...

CVE-2025-6208

The CVE-2025-6208 issue affects llama_index.core, specifically the SimpleDirectoryReader class, where the configured num_files_limit is enforced after all files in a directory are loaded into memory. This causes uncontrolled memory consumption and potential DoS in resource-constrained environment...

CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index

The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...

OSV-2026-170 Use-of-uninitialized-value in pcpp::PcapNgFileReaderDevice::getNextPacketInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479882050 Crash type: Use-of-uninitialized-value Crash state: pcpp::PcapNgFileReaderDevice::getNextPacketInternal pcpp::IFileReaderDevice::getNextPackets FuzzWriter.cpp...

GHSA-5W5R-MF82-595P Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVE-2026-1283

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1284

CVE-2026-1284 is an Out-Of-Bounds Write in the EPRT file reading path of SOLIDWORKS eDrawings, affecting SOLIDWORKS Desktop 2025–2026. A crafted EPRT file could enable arbitrary code execution during file open. Multiple sources corroborate the same description across NVD/Red Hat/CIRCL/CVE lists, ...

CVE-2026-1284 Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1283 Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVE-2026-20613

The CVE-2026-20613 issue is in ArchiveReader.extractContents() used by cctl image load and container image load. It does not validate pathnames when extracting archive members, enabling a crafted archive with relative paths to write files to arbitrary user-writable locations on the host. Document...

EUVD-2026-4205

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...