
43 matches found

UbuntuCve
added 2026/05/22 4:16 p.m., 10 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVSS 9.6, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 6

EUVD
added 2026/02/06 8:7 p.m., 5 views

EUVD-2026-5597

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to...

CVSS 8.2, AI score 5.5, EPSS 0.00209
Exploits: 1, References: 2

RedHat Linux
added 2026/01/26 4:39 p.m., 4 views

kernel: Linux kernel: ALSA: ump buffer overflow via malformed UMP SysEx message

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) Universal MIDI Packet (UMP) driver. This vulnerability allows a buffer overflow and potential memory corruption via a malformed Universal MIDI Packet (UMP) System Exclusive (SysEx) message during MIDI 1.0 to UMP conversion...

CVSS 7.8, AI score 6, EPSS 0.00206
Exploits: 0, References: 5

CNNVD
added 2025/12/02 12:0 a.m., 3 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a mis-typed conversion vulnerability that originates from the presence of a mis-typed conversion in the loader, which can be exploited ...

CVSS 8.8, AI score 7.7, EPSS 0.00235
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/13 12:0 a.m., 5 views

Siemens SIMATIC S7-1500 Incorrect Type Conversion or Cast (CVE-2020-10735)

A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not...

CVSS 7.5, AI score 6.7, EPSS 0.03213
Exploits: 0, References: 6

RedhatCVE
added 2025/05/22 9:24 p.m., 5 views

CVE-2021-29545

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

CVSS 5.5, AI score 6.7, EPSS 0.00189
Exploits: 1, References: 1

OSV
added 2025/03/10 2:15 p.m., 1 views

UBUNTU-CVE-2025-2152

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The...

CVSS 9.8, AI score 7.4, EPSS 0.00485
Exploits: 1, References: 6

BDU FSTEC
added 2025/01/10 12:0 a.m., 4 views

The vulnerability of the String.toLowerCase() and String.toUpperCase() methods in the Spring LDAP project, which simplifies work with LDAP (Lightweight Directory Access Protocol), allows an intruder to gain unauthorized access to protected information.

The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Spring LDAP project, which simplifies the handling of LDAP (Lightweight Directory Access Protocol), is related to insufficient registration checks. Exploiting this vulnerability can allow an attacker operating remotel...

CVSS 3.7, AI score 5.5, EPSS 0.00369
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/11/28 1:15 p.m., 5 views

CVE-2024-7747

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...

CVSS 6.5, AI score 7.3
Exploits: 0, References: 3

OSV
added 2024/05/28 5:36 p.m., 4 views

CLSA-2024-1716917767 unzip: Fix of CVE-2022-0530

CVE-2022-0530: possible flaw occurrence during the conversion of a wide string to a local string...

CVSS 5.5, AI score 6.4, EPSS 0.02108
Exploits: 1, References: 1

BDU FSTEC
added 2023/11/22 12:0 a.m., 6 views

The vulnerability of the Squid proxy server is related to improper conversion between numerical types and uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the Squid proxy server is related to the issue of sending FTP URL addresses in HTTP requests, or creating FTP URL addresses from input data of the FTP Native. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8, AI score 7.4, EPSS 0.10221
Exploits: 0, References: 6, Affected Software: 4

RedHat Linux
added 2023/07/19 5:19 p.m., 5 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

CVSS 3.7, AI score 7.2, EPSS 0.01316
Exploits: 0, References: 4

RedHat Linux
added 2023/04/20 12:34 a.m., 3 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

CVSS 3.7, AI score 6.9, EPSS 0.01036
Exploits: 0, References: 4

RedHat Linux
added 2023/04/19 7:27 p.m., 5 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

CVSS 3.7, AI score 6.9, EPSS 0.01036
Exploits: 0, References: 4

CNNVD
added 2023/04/01 12:0 a.m., 5 views

NVIDIA GPU Display Driver for Linux Security Vulnerability

NVIDIA GPU Display Driver for Linux is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in Linux systems. A security vulnerability exists in NVIDIA GPU Display Driver, which stems from a symbol conversion issue that could lead to a denial of...

CVSS 7.1, AI score 6.9, EPSS 0.00216
Exploits: 0, References: 3

CNNVD
added 2023/03/20 12:0 a.m., 3 views

WellinTech KingHistorian Code Issue Vulnerability

WellinTech KingHistorian is a tool for data collection and analysis from WellinTech. A security vulnerability exists in WellinTech KingHistorian version 35.01.00.05, which stems from the presence of an integer conversion vulnerability that could be exploited by an attacker to cause a buffer...

CVSS 9.8, AI score 8.8, EPSS 0.14039
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 4:55 a.m., 4 views

SUSE CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...

CVSS 9.1, AI score 7.1, EPSS 0.02424
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:23 a.m., 2 views

SUSE CVE-2018-17435

A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file...

CVSS 6.5, AI score 6.9, EPSS 0.01312
Exploits: 1, References: 7

BDU FSTEC
added 2021/10/13 12:0 a.m., 8 views

The vulnerability of the XNU kernel in Apple iOS and Mac OS systems allows attackers to escalate their privileges or execute arbitrary code.

The vulnerability of the XNU kernel in Apple’s iOS and Mac OS systems is related to type conversion errors. Exploiting this vulnerability can allow attackers to enhance their privileges or execute arbitrary code by running a specially created application...

CVSS 8.8, AI score 8.1, EPSS 0.0415
Exploits: 0, References: 8, Affected Software: 2

Snyk
added 2021/09/05 3:50 p.m., 1 views

Directory Traversal

Overview: convert-svg-to-jpeg is a package for converting SVG to JPEG using headless Chromium. Affected versions of this package are vulnerable to Directory Traversal. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as ...

CVSS 7.5, AI score 7.3, EPSS 0.01978
Exploits: 1, References: 2