Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error in the json and yaml encoder process. An attacker can cause a heap buffer overwrite by providing specially crafted input data. Remediation A fix was pushed into the master branch but not yet published. References - GitH...

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

openSUSE Security Advisory (SUSE-SU-2025:03624-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2025-13307

Malicious code in bioql PyPI...

CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service varsetleavequiet assertion failure and application exit via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code...

CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service varsetleavequiet assertion failure and application exit via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code...

CVE-2025-47229

CVE-2025-47229 affects GNU PSPP (libpspp-core.a) up to version 2.0.1. The root cause is a denial-of-service condition triggered by crafted input data that causes a var_set_leave_quiet assertion failure and application exit, via a call path from src/data/dictionary.c into src/data/variable.c. Mult...

CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service varsetleavequiet assertion failure and application exit via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/variable.c code...

PT-2025-18938 · Gnu +1 · Gnu Pspp +1

Name of the Vulnerable Software and Affected Versions: GNU PSPP versions through 2.0.1 Description: The issue allows attackers to cause a denial of service, resulting in an application exit, via crafted input data. This can be triggered by specific data that causes a call from the...

CVE-2024-44809

A remote code execution RCE vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that...

CVE-2024-44809

The CVE-2024-44809 entry corresponds to the Pi Camera project (version 1.0, RECANTHA) with a vulnerability in tilt.php where the position parameter is not properly sanitized. This allows an attacker to craft input that executes arbitrary commands on the server with web server permissions, via rem...

UBUNTU-CVE-2024-43700

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment...

ROS-20240712-02

A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function. verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotel...

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file resulting in a program crash or denial of service.

...

Microsoft Windows 输入验证错误漏洞

Microsoft Windows Fax services is a feature component service of Microsoft Corporation USA used to specify fax settings, including how to send, receive, view and print. A remote code execution vulnerability exists in Microsoft Windows Fax Compose Form, which is used to specify fax settings,...

Microsoft Windows Remote Desktop Protocol 代码注入漏洞

A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP, an application used by Microsoft to connect to remote Windows desktops. The vulnerability stems from the failure of a networked system or product to properly filter special elements of code segments...

XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet

A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...