CVE-2025-27091
OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...
CVE-2025-27091 OpenH264 Decoding Functions Heap Overflow Vulnerability
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence...
CVE-2025-27091
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence...
SUSE CVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to a register, variable or file. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
SUSE CVE-2025-26623
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...
BIT-DISCOURSE-2024-53851 Partial denial of service via inline oneboxes in Discourse
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...
BIT-DISCOURSE-2024-55948 Anonymous cache poisoning via XHR requests in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache; for example, the cache may hold a response with missing preloaded data. This issue only affects anonymous visitors of the site. This problem...
CVE-2025-27092
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2025-24965
crun is an open source OCI Container Runtime fully written in C. In affected versions a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...
Malicious code in type-grid-extra (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f90976adff32c133606410534095974fce326bc96f26bbb63e43607418796350 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-26611
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, removerproduto.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...
CVE-2025-26609
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiardocfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-26610
WeGIA, an open source Web Manager for Institutions, contains a SQL Injection vulnerability in the restaurar_produto_desocultar.php endpoint (parameter id_produto) that allows an authorized attacker to execute arbitrary SQL queries and access sensitive information. The issue has been addressed in ...
CVE-2025-26612
WeGIA is affected by a SQL Injection in the adicionar_almoxarife.php endpoint. The vulnerability allows arbitrary SQL queries, potentially exposing sensitive data. The issue is addressed in version 3.2.13; upgrading is advised. Some sources also suggest temporary workarounds like restricting acce...
CVE-2025-26614 SQL Injection endpoint 'deletar_documento.php' parameter 'id_cargo' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_documento.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access t...
CVE-2025-26616
WeGIA (open source Web Manager) contains a Path Traversal vulnerability in the exportar_dump.php endpoint that could disclose sensitive data in config.php, potentially enabling direct database access. Affected versions are prior to 3.2.14. The issue has been addressed in version 3.2.14, and users...
CVE-2025-26616 Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, exportar_dump.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored...
CVE-2025-26604
Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submitted code execution, this allows a user to execute potentially malicious code to perform damage or extract...
CVE-2025-26623 Use After Free in Exiv2
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...