CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

EUVD-2026-36027

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...

CVE-2026-53689

CVE-2026-53689 relates to libnfs up to 6.0.2 (before commit 55c18ea). The issue is that libnfs_zdr_string in lib/libnfs-zdr.c does not validate a string size, causing an integer overflow when connecting to a crafted NFS server. The CVSS data indicates network attacker, high impact to confidential...

CVE-2026-33449

CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service...

EUVD-2026-26413

CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service...

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

CVE-2021-41380

RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service application crash via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering a user into connecting to a fake VNC Server. The VNC Viewer application they are using will then hang,...

Kimai contains a SameSite cookie vulnerability

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

EUVD-2020-7192

Malware in sbrugna...

EUVD-2011-5247

Malware in sbrugna...

EUVD-2025-32209

Malicious code in bioql PyPI...

CVE-2025-54087

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...

CVE-2024-39840

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects...

AZL-55063 CVE-2025-21614 affecting package packer for versions less than 1.9.5-5

go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...

DEBIAN-CVE-2025-21614

go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...

CVE-2024-39840

Factorio before 1.1.101 is affected. A crafted server map can trigger arbitrary code execution on clients by abusing certain Lua base module functions to execute bytecode and create fake objects. Affected component: Factorio server/client interaction via custom maps; root cause: Lua base module f...

go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...

AZL-35095 CVE-2023-49568 affecting package packer for versions less than 1.9.5-1

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...