Lucene search
K

124 matches found

Snyk
Snyk
added 2026/01/21 7:34 p.m.3 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the b64decode, standardb64decode, and urlsafeb64decode functions when the altchars parameter is used. An attacker can cause logical errors or compromise data integrity by submitting input containi...

6.3CVSS5.9AI score0.00513EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:34 p.m.9 views

CVE-2025-12781

When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

6.3CVSS5.4AI score0.00513EPSS
Exploits1References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 7:34 p.m.4 views

CVE-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars

When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

6.3CVSS5.4AI score0.00513EPSS
Exploits1References8
OSV
OSV
added 2026/01/21 7:34 p.m.5 views

PSF-2026-7

When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

6.3CVSS5.5AI score0.00513EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.6 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, where functions such as b64decode, standardb64decode, and urlsafeb64decode always accept the + and/or character, which may lead to data integrity issues...

6.3CVSS5.8AI score0.00513EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/19 8:37 a.m.4 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

6.5CVSS5.4AI score0.00403EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/14 5:56 p.m.3 views

CVE-2026-22858 FreeRDP has a global-buffer-overflow in crypto_base64_decode

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

6.1CVSS6.5AI score0.00599EPSS
Exploits1References2
CVE
CVE
added 2026/01/14 5:56 p.m.46 views

CVE-2026-22858

CVE-2026-22858 affects FreeRDP prior to 3.20.1, where a global-buffer-overflow can occur in the Base64 decoding path due to implementation‑defined char signedness causing out‑of‑bounds access. The vulnerability is fixed in 3.20.1; multiple advisories (SUSE/SLES/OpenSUSE/Fedora) reference updating...

9.1CVSS6.5AI score0.00599EPSS
Exploits1References19Affected Software1
OSV
OSV
added 2026/01/14 5:56 p.m.12 views

CVE-2026-22858 FreeRDP has a global-buffer-overflow in crypto_base64_decode

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

6.1CVSS5.9AI score0.00599EPSS
Exploits1References21
Cvelist
Cvelist
added 2026/01/10 12:31 a.m.28 views

CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

7.5CVSS0.00453EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/10 12:31 a.m.4 views

CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...

7.5CVSS7.7AI score0.00453EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.3 views

FreeBSD : www/varnish-libvmod-digest -- base64 decoding vulnerability (64bec4c7-d785-11f0-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 64bec4c7-d785-11f0-a1c0-0050569f0b83 advisory. varnish developers report: Common usage of vmod-digest is for basic HTTP authentication, in which case ...

6.5CVSS6.6AI score0.0049EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.4 views

Mozilla Thunderbird < 52.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-13 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex...

9.8CVSS7.7AI score0.18756EPSS
Exploits22References31
NVD
NVD
added 2025/10/16 6:15 p.m.5 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

6.5CVSS0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 12:0 a.m.20 views

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserializebase64decode$POST'mexcel', where $POST'mexcel' is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowedclasses option, allowing an attacker to...

0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13430

Malware in sbrugna...

7.5CVSS7.4AI score0.04858EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/09/05 12:57 p.m.4 views

Security update for iperf

This update for iperf fixes the following issues: Update to 3.19.1: CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow bsc1247519. CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt bsc1247520...

7.5CVSS7.4AI score0.004EPSS
Exploits0References12
Microsoft CVE
Microsoft CVE
added 2025/09/04 10:37 a.m.5 views

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

...

5.3CVSS7AI score0.00398EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-3804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated...

7.5CVSS7.1AI score0.04858EPSS
Exploits0References2
CVE
CVE
added 2025/08/13 6:14 a.m.30 views

CVE-2025-8760

CVE-2025-8760 analysis (INSTAR 2K+/4K): A buffer overflow in the fcgi_server component (base64_decode) is triggered by manipulating the Authorization argument, allowing remote exploitation in INSTAR 2K+ and 4K, version 3.11.1 Build 1124. Several sources (e.g., Red Hat entry, CVE lists, PT-Securit...

10CVSS7.4AI score0.00697EPSS
Exploits0References3
Rows per page
Query Builder