963 matches found
CVE-1999-0141
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet...
CVE-2025-54065
GZDoom (versions 4.14.2 and earlier) is affected. In ZScript actor state handling, scripts can read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted FState and VMFunction structures. A script can copy FState structures into a writa...
CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
EUVD-2025-201101
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
PT-2025-48964
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
Security Bulletin: Due to use of Business Automation Workflow, Cloud Pak System is affected by out-of-bounds write vulnerability [CVE-2022-42920]
Summary: IBM Business Automation Workflow is shipped as IBM Business Automation Workflow Pattern Type (pType) of IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2022-42920 DESCRIPTION: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class...
Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 October 2025 CPU Security fixes: JDK-8360937, CVE-2025-53057, bsc1252414: Enhance certificate handling JDK-8356294, CVE-2025-53066, bsc1252417: Enhance Path Factories JDK-8359454, CVE-2025-61748,...
SUSE-SU-2025:4287-1 Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 October 2025 CPU Security fixes: + JDK-8360937, CVE-2025-53057, bsc1252414: Enhance certificate handling + JDK-8356294, CVE-2025-53066, bsc1252417: Enhance Path Factories + JDK-8359454, CVE-2025-61748,...
CVE-2025-64713
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GETGLOBALI32...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the preserve_local_for_block function, when handling a sequence where a GETGLOBALI32 opcode is followed by an if opcode in fast interpreter mode. An attacker can cause out-of-bounds access to the frame_offset_bottom arr...
EUVD-2025-198844
Malicious code in bytecode-checker-cli npm...
Malicious code in bytecode-checker-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b98e19304d760275f4ded25b69604ea9eb988c2b13681aafd2a400f0319a38c The package bytecode-checker-cli was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190833 Malicious code in bytecode-checker-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b98e19304d760275f4ded25b69604ea9eb988c2b13681aafd2a400f0319a38c The package bytecode-checker-cli was found to contain malicious code. Source: ghsa-malware...
TencentOS Server 4: bcel (TSSA-2025:0575)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0575 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2020-10878)
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. This plugin only works with Tenable.ot. Please visit...
Bytecode-Centric Detection of Known-To-Be-Vulnerable Dependencies in Java Projects
On average, 71% of the code in typical Java projects comes from open-source software (OSS) dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a considerable security risk of adding known security vulnerabilities to...
Privilege Escalation
PyInstaller is vulnerable to Privilege Escalation. The vulnerability is due to the bootstrap process appending a special entry to sys.path and attempting to load an optional bytecode-decryption module while that entry is present, which allows an attacker who can create files/directories next to t...
UBUNTU-CVE-2025-62495
An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t (an unsigned type, typically...
CVE-2025-62495 Type confusion in string addition in QuickJS
An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t (an unsigned type, typically...