1011 matches found
CVE-2026-1484
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...
CVE-2026-1484
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...
CVE-2026-1484 Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...
EUVD-2026-4825
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...
CVE-2026-1484
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...
Glib buffer error vulnerability
GLib is a general-purpose, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, and abstraction for main loops. GLib has a buffer error vulnerability, which stems from the Base64 encoding routine’s improper...
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code VS Code extensions that are advertised as artificial intelligence AI-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5...
CVE-2021-47812
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...
CVE-2022-50934
CVE-2022-50934 entry rejected; CNA withdrew; not a security issue.
CVE-2026-22697 CryptoLib Has Heap Buffer Overflow Vulnerability in KMC Base64 Decode Handling (KMC JSON base64ciphertext/base64cleartext)
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is...
CVE-2026-22080
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...
CVE-2026-22080
CVE-2026-22080 affects Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router. The root cause is credentials transmitted with reversible Base64 encoding via the web-based management interface. An attacker on the same network can intercept traffic to capture the Base64-encoded credentials, po...
PT-2026-2148
Name of the Vulnerable Software and Affected Versions Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router Description The routers transmit credentials using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network can intercept network...
CVE-2026-22543
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-13371
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...
CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...
CVE-2025-13371 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...
CVE-2025-13371
CVE-2025-13371 refers to Money Space (Money Space) WordPress plugin. The vulnerability affects all versions up to 2.13.9 and arises from the plugin storing full card data (PAN, cardholder name, expiry, CVV) in WordPress post_meta encoded with base64, then embedding these values into the public ms...
PT-2026-1563
Name of the Vulnerable Software and Affected Versions MoneySpace plugin for WordPress versions prior to 2.13.9 Description The MoneySpace plugin for WordPress exhibits a sensitive information exposure issue. The plugin stores complete payment card details – including Primary Account Number PAN,...
PT-2026-2205
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure encryption method, allowing an attacker intercepting the we...