36 matches found
CVE-2025-54949
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...
CVE-2025-25468
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c...
PT-2025-5876 · Unknown · Deep-Diver Llm-As-Chatbot
Name of the Vulnerable Software and Affected Versions: deep-diver LLM-As-Chatbot versions prior to commit 99c2c03 Description: The issue allows a remote attacker to execute arbitrary code via the modelsbyom.py component. Recommendations: For deep-diver LLM-As-Chatbot versions prior to commit...
PT-2024-31229 · Mirotalk · Mirotalk
Name of the Vulnerable Software and Affected Versions: Mirotalk versions before commit 9de226 Description: The issue is a DOM-based cross-site scripting (XSS) vulnerability. This allows attackers to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections...
CVE-2023-44709
PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory...
PT-2023-29280 · Plutosvg · Plutosvg
Name of the Vulnerable Software and Affected Versions: PlutoSVG versions prior to commit 336c02997277a1888e6ccbbbe674551a0582e5c4 Description: The issue is related to an integer overflow in the plutosvg load from memory component. No information is provided about the estimated number of potential...
CVE-2023-30216
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information...
SUSE CVE-2018-12473
A path traversal vulnerability in obs-service-tarscm of Open Build Service allows remote attackers to access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2022-26565
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...
PT-2022-16118 · Unknown · Itunesrpc-Remastered
Name of the Vulnerable Software and Affected Versions: iTunesRPC-Remastered versions prior to commit 24f43aa Description: The issue concerns a discord rich presence application for use with iTunes & Apple Music, where user input is not properly sanitized, allowing code injection. Users are advise...
Engelsystem Cross-Site Request Forgery Vulnerability
Engelsystem is a shift planning system. The system includes features such as team management, event management, attendance management and mail system. A cross-site request forgery vulnerability exists in versions prior to Engelsystem commit hash 2e28336. A remote attacker can exploit this...
PT-2018-9544 · Neo4J Contrib · Neo4J-Apoc-Procedures
Name of the Vulnerable Software and Affected Versions: neo4j-contrib neo4j-apoc-procedures versions before commit 45bc09c Description: The issue is related to an XML External Entity (XXE) vulnerability in the XML Parser. This can result in disclosure of confidential data, denial of service,...
USN-3405-1: Linux kernel vulnerabilities
It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Huang Weller discovered that the ext4 filesyste...
UBUNTU-CVE-2017-7495
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new...
CVE-2016-7504
A use-after-free vulnerability was observed in the Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition...
PT-2017-17770 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6.2 Description: The issue allows local users to obtain sensitive information from other users' files under specific circumstances. This can happen when the ext4 data=ordered mode is used and a...