58 matches found

ATTACKERKB
added 2026/05/04 12:00 a.m., 1 views

CVE-2025-70067

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy without runtime length validation...

AI score: 5.8 | EPSS: 0.00053
Exploits: 0 | References: 4

Snyk
added 2026/04/27 10:15 a.m., 1 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the FileBasedKeyLifecycleManager class while handling contents of .key files. An attacker can execute arbitrary code by placing a crafted serialized Java object in the key directory, which is then...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00027
Exploits: 0 | References: 2

OSV
added 2026/04/07 9:31 a.m., 1 views

GHSA-H2H4-5M64-M273 Apache ActiveMQ: Improper validation and restriction of a classpath path name

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00077
Exploits: 0 | References: 4

OSV
added 2026/02/13 8:54 p.m., 3 views

GHSA-7587-4WV6-M68M rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895

Summary: It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use,...

CVSS: 8.7 | AI score: 5.5
Exploits: 0 | References: 4

Cvelist
added 2026/02/05 4:13 p.m., 25 views

CVE-2020-37131 Product Key Explorer 4.2.2.0 - 'Key' Denial of Service

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field t...

CVSS: 6.7 | EPSS: 0.00006
Exploits: 1 | References: 3

EUVD
added 2026/02/05 4:13 p.m., 2 views

EUVD-2020-31033

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field t...

CVSS: 6.7 | AI score: 5.4 | EPSS: 0.00006
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-20469

Malware in sbrugna...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00035
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2009-1189

Malware in sbrugna...

CVSS: 3.6 | AI score: 6.8 | EPSS: 0.01106
Exploits: 9 | References: 19

Tenable Nessus
added 2025/08/19 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-7407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. CVE-2016-7407 Note that...

CVSS: 10 | AI score: 8.7 | EPSS: 0.01026
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/13 12:00 a.m., 4 views

EulerOS 2.0 SP11 : coreutils (EulerOS-SA-2025-1948)

According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory...

CVSS: 4.4 | AI score: 5.3 | EPSS: 0.0014
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 7:58 a.m., 3 views

CVE-2024-33665

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00221
Exploits: 0 | References: 1

Snyk
added 2025/03/20 10:46 a.m., 1 views

Directory Traversal

Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Directory Traversal over the wipedatabase endpoint. An attacker can delete any directory on the target filesystem by sending a specially crafted HTTP request that manipulates the...

CVSS: 7.1 | AI score: 7.6 | EPSS: 0.0029
Exploits: 0 | References: 2

OSV
added 2024/08/07 3:30 p.m., 0 views

GHSA-PV4P-CWWG-4RPH Django SQL injection vulnerability

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.00328
Exploits: 0 | References: 9

OSV
added 2024/08/07 3:15 p.m., 1 views

DEBIAN-CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00328
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/10 5:00 a.m., 13 views

CVE-2024-21507

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00421
Exploits: 1 | References: 4

F5 Networks
added 2023/02/21 7:49 p.m., 36 views

K20145801: Mozilla NSS vulnerability CVE-2016-1979

Security Advisory Description: Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified othe...

CVSS: 8.8 | AI score: 9.6 | EPSS: 0.00707
Exploits: 0 | Affected Software: 7

SUSE CVE
added 2023/02/15 5:13 a.m., 1 views

SUSE CVE-2015-7854

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.03157
Exploits: 0 | References: 11

SUSE CVE
added 2023/02/15 3:45 a.m., 1 views

SUSE CVE-2021-23993

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...

CVSS: 4.3 | AI score: 8.9 | EPSS: 0.00065
Exploits: 0 | References: 4

RedHat Linux
added 2022/07/05 2:41 p.m., 1 views

django: Potential information disclosure in dictsort template filter

An information-disclosure flaw was found in Django, where the dictsort filter in Django's Template Language did not correctly validate user input. A network attacker could exploit this flaw using a suitably crafted key to force information disclosure or unintended method calls...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00363
Exploits: 0 | References: 5

CNNVD
added 2022/01/04 12:00 a.m., 2 views

Django Input Validation Error Vulnerability

Django is a Python-based open source web application framework from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, etc. A security vulnerability exists in Django versions 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00363
Exploits: 0 | References: 14