CVE-2025-26623 Use After Free in Exiv2
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...
CVE-2025-26623
CVE-2025-26623 affects Exiv2 (C++ library/CLI) and is caused by a heap buffer overflow in the encoding/writing path. Affected versions are v0.28.0 through v0.28.4; v0.27.7 and earlier are not affected. The overflow occurs when Exiv2 is used to write metadata into a crafted image file, potentially...
AZL-56962 CVE-2025-26603 affecting package vim for versions less than 9.1.0791-4
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
AZL-56913 CVE-2025-26603 affecting package vim for versions less than 9.1.0791-4
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
ALPINE-CVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
CVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
CVE-2025-25284
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
UBUNTU-CVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
CVE-2025-26604
Discord-Bot-Framework-Kernel is affected by CVE-2025-26604 due to an arbitrary user-submitted code execution vulnerability. A malicious module can extract the bot token and, with high privileges, allow the attacker to impersonate the bot or gain near-full control; a blocking module can also be lo...
CVE-2025-26603 heap-use-after-free in function str_to_reg in vim/vim
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the :redir ex command to registers, variables and files. It also allows showing the contents of registers using the :registers or :display ex command. When redirecting the output of...
CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...
CVE-2025-21608 Forged packets over MQTT can show up in direct messages in Meshtastic firmware
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...
PT-2025-6909 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0. Description: A critical issue affects some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to SQL injection. The attack may be launched...
CVE-2023-42459
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...
RHEL 9 : OpenShift Container Platform 4.13.55 (RHSA-2025:1118)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1118 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
SUSE CVE-2025-1180
A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an...
PT-2025-7059 · Unknown · Audiobookshelf
Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions 2.17.0 through 2.19.0. Description: Audiobookshelf is a self-hosted audiobook and podcast server. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in t...
PT-2025-7051
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.11, 3.0.12, and 3.1.11. Description: Rack provides an interface for developing web applications in Ruby. The issue occurs when a server intentionally or unintentionally allows a user creation with the username containi...