EUVD-2026-13684

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

freerdp: FreeRDP global-buffer-overflow

A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...

SUSE-SU-2026:0373-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

SUSE-SU-2026:0355-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

CVE-2026-25067

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...

CVE-2026-1484 Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

Cherry Studio 代码注入漏洞

Cherry Studio is a multi-model AI assistant from China's Thousand Comets Cherry Studio. A code injection vulnerability exists in Cherry Studio, which stems from the direct execution of commands in base64-encoded configuration data when processing URLs of type cherrystudio://mcp, which could lead ...

CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

ABB ASPECT 安全漏洞

ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that originates from a web browser interface that may be able to manipulate application usernames/passwords in plaintext or Base64 encoding...

CVE-2022-37134

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tpusrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tpusrname, resulting in stack overflow...

CVE-2020-9337

In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...