GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames

Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...

EulerOS Virtualization 2.13.1 : python-pyasn1 (EulerOS-SA-2026-2387)

According to the versions of the python-pyasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS...

Alibaba Cloud Linux 3 : 0135: resource-agents (ALINUX3-SA-2026:0135)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0135 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-30922: pyasn1 is a generic ASN.1 library f...

CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

CVE-2025-33236

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

EUVD-2015-8529

Malware in sbrugna...

EUVD-2018-19545

Malware in sbrugna...

EUVD-2015-0981

Malware in sbrugna...

EUVD-2015-6768

Malware in sbrugna...

EUVD-2016-4845

Malware in sbrugna...

EUVD-2021-18960

Malware in sbrugna...

EUVD-2024-2773

Malicious code in bioql PyPI...

EUVD-2024-34248

Malicious code in bioql PyPI...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to a logic error in ippreadio which is called internally by cupsDoRequest, ippValidateAttributes has a null dereference. An attacker can cause the application to crash by sending specially crafted data over...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:9142)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9142 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fro...

CVE-2020-12000

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to...

CVE-2013-2276

The avcodecdecodeaudio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.289 Vulnerability Details CVEID:CVE-2023-45283 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a ??\ prefix...

CVE-2020-6158

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

CVE-2024-53856 rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...