
27 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-50180

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.24.0. Description: The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...

CVSS 6.3 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 4

EUVD
added 2026/06/10 8:19 p.m. | 10 views

EUVD-2026-36125

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

CVSS 7.5 | AI score 5.5 | EPSS 0.0046
Exploits 0 | References 1

Snyk
added 2026/05/18 8:36 p.m. | 10 views

Infinite loop

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 6.8 | AI score 5.8 | EPSS 0.00148
Exploits 0 | References 5

Redos
added 2026/02/09 12:0 a.m. | 7 views

ROS-20260209-73-0033

A vulnerability in go-jose, a Go package implementing the JWE, JWS and JWT standards, is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 4.3 | AI score 5.6 | EPSS 0.01956
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-3580

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.01424
Exploits 0 | References 11

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-1986

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.8 | EPSS 0.00487
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-18585

Malicious code in bioql PyPI...

AI score 7.2 | EPSS 0.00154
Exploits 0 | References 6

Vulnrichment
added 2025/06/20 3:4 p.m. | 2 views

CVE-2025-49969 WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2...

CVSS 4.3 | AI score 4.6 | EPSS 0.00288
Exploits 0 | References 1

CVE
added 2025/06/18 9:33 a.m. | 90 views

CVE-2025-38068

CVE-2025-38068: In the Linux kernel, the crypto/lzo path fixed a compression buffer overrun by adding a safe compression interface that checks the end of the output buffer before each write and using it in crypto/lzo. This corrects a prior assumption that the caller always provided sufficient buf...

CVSS 7.8 | AI score 6.9 | EPSS 0.00154
Exploits 0 | References 7 | Affected Software 1

CNNVD
added 2025/06/18 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from crypto/lzo not checking for buffer overflows during compression...

CVSS 7.8 | AI score 6.7 | EPSS 0.00154
Exploits 0 | References 7

RedhatCVE
added 2025/05/22 6:47 p.m. | 7 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

CVSS 8.1 | AI score 6.7 | EPSS 0.01549
Exploits 1

CNNVD
added 2025/03/26 12:0 a.m. | 2 views

WordPress plugin Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid OS command injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Total Upkeep - WordPress Backup Plugin plu...

CVSS 7.2 | AI score 9.3 | EPSS 0.00736
Exploits 0 | References 1

Oracle linux
added 2025/01/30 12:0 a.m. | 178 views

unbound security update

1.16.2-5.8 - Prevent unbounded name compression CVE-2024-8508
1.16.2-5.7 - Rebuild to propagate to CentOS Stream RHEL-25500...

CVSS 8 | AI score 7.1 | EPSS 0.00799
Exploits 0

Apple
added 2024/09/16 12:0 a.m. | 35 views

About the security content of macOS Ventura 13.7

This document describes the security content of macOS Ventura 13.7. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

CVSS 8.1 | AI score 6.8 | EPSS 0.07926
Exploits 1 | References 1 | Affected Software 1

BDU FSTEC
added 2024/09/13 12:0 a.m. | 5 views

The vulnerability of the LZ4 data compression algorithm, which involves errors in number processing, allows a hacker to cause a service failure.

The vulnerability of the lossless LZ4 data compression algorithm is related to errors in number processing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 5.3 | AI score 5.9 | EPSS 0.02752
Exploits 0 | References 6 | Affected Software 2

CVE
added 2024/08/22 1:32 a.m. | 85 views

CVE-2022-48923

CVE-2022-48923 (Linux kernel) affects btrfs: the bug arises in the LZO decompression path (btrfs/lzo.c) where a compressed length may be corrupted to exceed allocated memory, causing an out-of-bounds write in copy_compressed_segment and potentially a general protection fault. Affected code path is...

CVSS 5.5 | AI score 6.6 | EPSS 0.0021
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/06/28 7:15 p.m. | 14 views

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code because the generated file name is not properly escaped and is injected into a system call when certain types of compression are used...

CVSS 7.8 | AI score 7.8
Exploits 0 | References 1

RedHat Linux
added 2024/05/29 3:40 p.m. | 46 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.15 security update

Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.91969
Exploits 1 | References 25

Prion
added 2023/09/18 7:15 a.m. | 14 views

Code injection

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...

CVSS 5 | AI score 7.5 | EPSS 0.00515
Exploits 0 | References 1 | Affected Software 7

CNNVD
added 2023/09/13 12:0 a.m. | 2 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a security flaw in the classic access control list (ACL) compression feature that allows an unauthenticated attacker to bypass the AC...

CVSS 5.8 | AI score 6.8 | EPSS 0.00545
Exploits 1 | References 3