51 matches found
CVE-2026-12127
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
CVE-2026-12127
WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...
CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
EUVD-2026-40907
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
CVE-2026-55738 Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field
A stack-based buffer overflow exists in the rawtoheader function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...
CVE-2026-43623
CVE-2026-43623 affects microtar up to version 0.1.0. A stack-based buffer overflow in the raw_to_header() function (src/microtar.c) can be triggered by crafted TAR archives with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar fields, which can write ...
Null Pointer Dereference
github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...
SUSE CVE-2009-3727
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...
SUSE CVE-2025-68274
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-68274
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-68274
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
EUVD-2025-203854
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
CVE-2025-68274
CVE-2025-68274 describes a nil pointer dereference in the SIPGO library when building SIP responses with NewResponseFromRequest, triggered if the incoming SIP request is missing a To header. The issue can cause a remote attacker to crash SIP applications that use this function, effectively a deni...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the NewResponseFromRequest function. An attacker can cause the application to crash by sending a specially crafted SIP request that omits the required To header. Remediation Upgrade github.com/emiago/sipgo/s...
SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference
Description A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. T...
GHSA-C623-F998-8HHV SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference
Description A nil pointer dereference vulnerability was discovered in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. T...
PT-2025-51791
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...
EUVD-2010-2839
Malware in sbrugna...