11 matches found
CVE-2026-15184
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...
EUVD-2026-42580
A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwgbmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the...
[SECURITY] Fedora 44 Update: aw-server-rust-0.14.0^20260516.gitdf49b3d-1.fc44
A re-implementation of aw-server in Rust...
GNU LibreDWG 安全漏洞
GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A security vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a heap buffer overflow in the decompressR2004section function of the src/decode.c file in the Dwgread...
Fedora 42 : pyp2spec (2026-91671b8061)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-91671b8061 advisory. Automatic update for pyp2spec-0.14.1-1.fc42. Changelog for pyp2spec Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves:...
PT-2026-29970
Name of the Vulnerable Software and Affected Versions Shynet versions prior to 0.14.0 Description Shynet versions before 0.14.0 are susceptible to Host header injection within the password reset process. Recommendations Update Shynet to version 0.14.0 or later...
SUSE CVE-2026-29022
drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...
CVE-2026-22787 html2pdf.js has a cross-site scripting vulnerability
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
NLnet Routinator 安全漏洞
NLnet Routinator is an RPKI Resource Public Key Infrastructure validator from the NLnet team written in the Rust language. A security vulnerability exists in NLnet Routinator version 0.14.0 and earlier, which stems from code that initially parses a manifest without checking the contents of the...
PYSEC-2024-299
Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block...