PT-2026-41439

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl free twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

Mozilla -- multiple vulnerabilities

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...

CVE-2020-10905

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

EUVD-2008-2394

Malware in sbrugna...

EUVD-2023-57336

Malicious code in bioql PyPI...

CVE-2025-2525 Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'stAuthenticationController::editprofile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...

Linux Distros Unpatched Vulnerability : CVE-2023-45681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in...

CVE-2024-37997

A vulnerability has been identified in JT Open All versions V11.5, JT2Go All versions V2406.0003, PLM XML SDK All versions V7.1.0.014, Teamcenter Visualization V14.2 All versions V14.2.0.13, Teamcenter Visualization V14.3 All versions V14.3.0.11, Teamcenter Visualization V2312 All versions...

CVE-2024-55875

http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE XML External Entity Injection vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server,...

CVE-2022-41146

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

MGASA-2022-0476 Updated thunderbird packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

SUSE-SU-2022:3538-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 bsc1203530: - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution...

CVE-2022-38883

The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

PYSEC-2020-186

A double-free is present in libyang before v1.0-r3 in the function yyparse when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

CVE-2017-1000206

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution...

CVE-2016-4332

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This...

Nokia N70 - L2CAP Packets Remote Denial of Service

Nokia N70 - L2CAP Packets Remote Denial of Service source: https://www.securityfocus.com/bid/16666/info Nokia N70 is reportedly prone to a remote denial-of-service vulnerability. A successful attack can allow an attacker to corrupt memory and to trigger a denial-of-service condition. Arbitrary co...