113 matches found

Vulnrichment
added 2 days ago | 4 views

CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits 0 | References 4
EUVD
added 2 days ago | 6 views

EUVD-2026-33878

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits 0 | References 4
Cvelist
added 2 days ago | 36 views

CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5 CVSS | 0.00029 EPSS
Exploits 0 | References 4
Positive Technologies
added 2 days ago | 6 views

PT-2026-45690

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...

6.5 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits 0 | References 5
Github Security Blog
added 2026/05/27 9:13 p.m. | 8 views

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Description Symfony\Bridge\Monolog\Command\ServerLogCommand the server:log console command is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...

6.4 AI score
Exploits 0 | References 6 | Affected Software 2
OSSF Malicious Packages
added 2026/05/19 5:52 p.m. | 6 views

Malicious code in corelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...

6 AI score
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

9.1 CVSS | 5.8 AI score | 0.00115 EPSS
Exploits 1 | References 2
CloudLinux
added 2026/05/02 1:2 a.m. | 4 views

squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page - CVE-2018-19132: fix memory...

9.8 CVSS | 6.7 AI score | 0.65998 EPSS
Exploits 2
NVD
added 2026/04/28 7:37 p.m. | 2 views

CVE-2026-42420

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...

6.5 CVSS | 0.00051 EPSS
Exploits 0 | References 3
Packet Storm
added 2026/03/10 12:0 a.m. | 83 views

GLib Memory Exhaustion

The g_base64_decode function in the GLib library fails to enforce input size limits, allowing attackers to input extremely large Base64-encrypted data, resulting in uncontrolled memory allocation. This vulnerability can be exploited by providing a specially crafted, but syntactically correct, Base6...

5.4 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits 1
OSV
added 2026/02/28 12:45 p.m. | 4 views

OESA-2026-1461 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6.3 CVSS | 5.9 AI score | 0.00205 EPSS
Exploits 1 | References 8
NVD
added 2026/02/19 7:17 a.m. | 2 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5 CVSS | 0.00012 EPSS
Exploits 1 | References 7
Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20595

Name of the Vulnerable Software and Affected Versions: xlnt versions up to 1.6.1. Description: A flaw exists in the xlnt::detail::decode_base64 function within the Encrypted XLSX File Parser component, specifically in the source/detail/cryptography/base64.cpp file. This can lead to an off-by-one...

4.8 CVSS | 4.3 AI score | 0.00012 EPSS
Exploits 1 | References 10
OSV
added 2026/02/13 1:16 p.m. | 2 views

OESA-2026-1356 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6.3 CVSS | 5.7 AI score | 0.00205 EPSS
Exploits 1 | References 6
Vulnrichment
added 2026/02/06 11:2 a.m. | 3 views

CVE-2026-2016 happyfish100 libfastcommon base64.c base64_decode stack-based overflow

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

5.3 CVSS | 5.3 AI score | 0.00016 EPSS
Exploits 1 | References 8
CVE
added 2026/02/06 11:2 a.m. | 6 views

CVE-2026-2016

CVE-2026-2016 affects happyfish100 libfastcommon up to version 1.0.84. The vulnerability is in the base64_decode function in src/base64.c, causing a stack-based buffer overflow. Local access is required to exploit. Public disclosure of the exploit is noted. The patch identifier is 82f66af3e252e3e...

7.8 CVSS | 5.3 AI score | 0.00016 EPSS
Exploits 1 | References 8 | Affected Software 1
Cvelist
added 2026/02/06 11:2 a.m. | 25 views

CVE-2026-2016 happyfish100 libfastcommon base64.c base64_decode stack-based overflow

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

5.3 CVSS | 0.00016 EPSS
Exploits 1 | References 8
EUVD
added 2026/02/06 11:2 a.m. | 2 views

EUVD-2026-5685

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

5.3 CVSS | 5.6 AI score | 0.00016 EPSS
Exploits 1 | References 8
Positive Technologies
added 2026/02/06 12:0 a.m. | 3 views

PT-2026-6717

Name of the Vulnerable Software and Affected Versions: happyfish100 libfastcommon versions up to 1.0.84. Description: A security issue exists in happyfish100 libfastcommon up to version 1.0.84. The base64 decode function within the src/base64.c file is susceptible to a stack-based buffer overflow...

5.3 CVSS | 5.7 AI score | 0.00016 EPSS
Exploits 1 | References 13
CNNVD
added 2026/02/06 12:0 a.m. | 2 views

libfastcommon security vulnerability

libfastcommon is a C language code library developed by YuQing personally. Versions of libfastcommon prior to 1.0.84 contained security vulnerabilities. These vulnerabilities stemmed from incorrect operations on the base64_decode function in the src/base64.c file, which could lead to stack-based...

7.8 CVSS | 6.4 AI score | 0.00016 EPSS
Exploits 1 | References 8