38 matches found
CVE-2026-40682
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING ...
EUVD-2025-201817
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...
EUVD-2023-0099
Malicious code in bioql PyPI...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
Bugsink path traversal via event_id in ingestion
Summary: In affected versions, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such...
CVE-2022-25516
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-41958
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...
DEBIAN-CVE-2023-26485
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...
CVE-2023-24816 set_term_title command injection in ipython
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requir...
PT-2023-6832 · Python · Python
Name of the Vulnerable Software and Affected Versions: IPython versions prior to 8.10.0 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. Exploitation of this issue may allow an attacker to execute arbitrary commands by...
CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...
Design/Logic Flaw
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...
PT-2022-27778 · Pdfmake · Pdfmake
Name of the Vulnerable Software and Affected Versions: pdfmake versions up to and including 0.2.5 Description: pdfmake contains an unsafe evaluation of user-controlled input, which can lead to arbitrary code execution in the context of the process running the pdfmake code. Users are advised to...
PT-2022-13743 · Medialize · Uri.Js
Name of the Vulnerable Software and Affected Versions: medialize/uri.js versions prior to 1.19.11 Description: The issue is related to CRHTLF, which can lead to invalid protocol extraction, potentially resulting in XSS. Specifically, characters such as \r, \n, and \t in user-input URLs can cause...
CVE-2022-25515
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...