13562 matches found

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-272 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5 CVSS | 6.8 AI score | 0.00092 EPSS
Exploits: 1 | References: 8

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-266 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa...

5.5 CVSS | 6.6 AI score | 0.00203 EPSS
Exploits: 1 | References: 8

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-270 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing atta...

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

5.5 CVSS | 8.6 AI score | 0.00104 EPSS
Exploits: 1 | References: 15

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-299 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to...

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127...

6.8 CVSS | 6.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 7

OSV
added 2025/11/25 10:18 p.m. | 4 views

JLSEC-2025-273 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5 CVSS | 6.8 AI score | 0.00092 EPSS
Exploits: 1 | References: 8

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-283 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from e...

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

6.5 CVSS | 7 AI score | 0.00028 EPSS
Exploits: 1 | References: 6

OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-260 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_d...

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...

5.5 CVSS | 5.7 AI score | 0.00059 EPSS
Exploits: 1 | References: 8

NVD
added 2025/11/25 10:15 p.m. | 4 views

CVE-2025-62703

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8 CVSS | 0.00562 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/11/25 12:30 a.m. | 1 view

EUVD-2025-199528

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

8.7 CVSS | 6.3 AI score | 0.00014 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/25 12:4 a.m. | 5 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC: python from flask import Flask, redirect app = Flasknam...

8.5 CVSS | 6.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/25 12:0 a.m. | 3 views

PT-2025-48089

Name of the Vulnerable Software and Affected Versions: Fugue versions 0.9.2 and earlier. Description: Fugue is a unified interface for distributed computing. A remote code execution issue exists due to insecure deserialization of data using cloudpickle.loads within the decode function in...

8.8 CVSS | 8.3 AI score | 0.00562 EPSS
Exploits: 1 | References: 18

Tenable Nessus
added 2025/11/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed a...

6.5 CVSS | 6 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/11/24 9:33 p.m. | 3 views

Malicious code in super-commit (npm)

Source: amazon-inspector 6c1af7533a4794e88dc233547249b656c3a1fd1a87109827755918da11151fbe The package super-commit was found to contain malicious code. Source: ghsa-malware 4ef89565a74f08dc54807acd41e1218c07d6d9ffdb73411163e95c66ba080e61 A...

6.9 AI score
Exploits: 0 | References: 4

OSV
added 2025/11/24 9:33 p.m. | 1 view

MAL-2025-191015 Malicious code in super-commit (npm)

Source: amazon-inspector 6c1af7533a4794e88dc233547249b656c3a1fd1a87109827755918da11151fbe The package super-commit was found to contain malicious code. Source: ghsa-malware 4ef89565a74f08dc54807acd41e1218c07d6d9ffdb73411163e95c66ba080e61 A...

6.8 AI score
Exploits: 0 | References: 4

EUVD
added 2025/11/24 9:33 p.m. | 1 view

EUVD-2025-199028

Malicious code in super-commit (npm)...

6.6 AI score
Exploits: 0 | References: 4

GithubExploit
added 2025/11/24 3:57 p.m. | 212 views

Exploit for CVE-2025-62726

CVE-2025-62726 POC - n8n Git Node RCE Educational Purpose...

8.8 CVSS | 7.4 AI score | 0.0022 EPSS
Exploits: 3

RedhatCVE
added 2025/11/24 11:57 a.m. | 1 view

CVE-2025-64524

A flaw was found in cups-filters. This vulnerability allows a heap buffer overflow and memory corruption, potentially leading to arbitrary code execution or a Denial of Service, via an unvalidated length parameter in the CompressData function of the rastertopclx filter. This can be exploited by a...

6.4 CVSS | 7.5 AI score | 0.00027 EPSS
Exploits: 1 | References: 3

OSV
added 2025/11/21 9:33 p.m. | 2 views

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9 CVSS | 6.8 AI score | 0.00086 EPSS
Exploits: 0 | References: 7

Cvelist
added 2025/11/21 9:33 p.m. | 6 views

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9 CVSS | 0.00086 EPSS
Exploits: 0 | References: 5

NVD
added 2025/11/21 5:15 p.m. | 3 views

CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7 CVSS | 0.00043 EPSS
Exploits: 0 | References: 8