43 matches found
Advisory ROSA-SA-2026-3301
Component: libconfuse 3.3; Operating System: ROSA-CHROME; Unaffected versions: = libconfuse-3.3-3; Affected versions: libconfuse-3.3-3; CVE-ID: CVE-2022-40320; BDU-ID: 2022-05795; CVE-Crit: LOW; CVE-DESC.: The vulnerability in the cfg_tilde_expand function of the configuration file parser library libConfu...
MB Connect Line mbNET and MB Connect Line mbNET.mini Security Vulnerability
MB Connect Line mbNET and MB Connect Line mbNET.mini are both products of the German company MB Connect Line. MB Connect Line mbNET is an industrial router. MB Connect Line mbNET.mini is a remote access router. Both MB Connect Line mbNET and MB Connect Line mbNET.mini have security vulnerabilitie...
CVE-2026-25125 October CMS: Environment Variable Exfiltration via INI Parser Interpolation
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parse_ini_string function supports ${} syntax for environment variable interpolation, attackers with...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input...
SUSE CVE-2025-59391
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...
EUVD-2025-201786
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...
CVE-2025-59391
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This...
CVE-2025-59391
A memory disclosure vulnerability exists in libcoap’s OSCORE configuration parser. An out-of-bounds read may occur while parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. The issue affects libcoap versions prior to ...
libcoap Security Vulnerability
libcoap is a C implementation of a lightweight application protocol open-sourced by obgm. A security vulnerability exists in versions prior to libcoap release-4.3.5-patches, which stems from a memory leak in the OSCORE configuration parser that could lead to out-of-bounds reads and information...
EUVD-2023-27018
Malicious code in bioql PyPI...
EUVD-2023-32402
Malicious code in bioql PyPI...
EUVD-2022-32391
Malicious code in bioql PyPI...
CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
SUSE-SU-2024:2961-1 Security update for osc
This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc (CVE-2024-22034, bsc#1225911) Source files are now stored in the 'sources' subdirectory which prevents name collisions. This requires changing version of '.osc' store to 2.0. -...
Zyxel USG < 5.37 / ATP < 5.37 / VPN < 5.37 Multiple Vulnerabilities
Firmware version of the Zyxel USG, ATP, VPN is less than 5.37. This Zyxel device firmware is affected by multiple vulnerabilities: - A command injection vulnerability in the Free Time WiFi hotspot feature of some firewall versions could allow an unauthenticated, LAN-based attacker to execute some...
Zyxel USG < 5.37 Command Injection (CVE-2023-28767)
Firmware version of the Zyxel USG, ATP, or VPN is less than 5.37 and is affected by a vulnerability. The configuration parser fails to sanitize user-controlled input. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the devic...
CVE-2023-33012
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...