CVE-2026-46130

A flaw was found in the Linux kernel's device-mapper verity forward error correction dm-verity-fec component. This vulnerability occurs because a function responsible for decoding parity data makes an incorrect assumption about how these data blocks are read. Under specific, non-default...

CVE-2026-44289

CVE-2026-44289 affects protobufjs. Before versions 7.5.6 and 8.0.2, decoding nested protobuf data could recurse without a depth limit, affecting both skipping unknown group fields and generated decoding of nested message fields. A crafted binary payload could exhaust the JavaScript call stack, ca...

GHSA-685M-2W69-288Q protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVE-2025-47392

CVE-2025-47392 describes a memory corruption issue that occurs when decoding corrupted satellite data files with invalid signature offsets. The NVD records a CVSS v3.1 base score of 8.8 (HIGH) with adjacent attack vector, no privileges or user interaction required, and high impact on confidential...

PT-2026-30638

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

USN-7918-1 netty vulnerabilities

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. CVE-2025-58056 Jonas Konrad discovered that Netty did not properly manage memory...

EUVD-2021-17231

Malware in sbrugna...

EUVD-2020-5390

Malware in sbrugna...

EUVD-2020-5039

Malware in sbrugna...

EUVD-2016-5331

Malware in sbrugna...

CLSA-2024-1721206783 freerdp: Fix of 12 CVEs

CVE-2023-39352: add bound check in gdiSolidFill - CVE-2023-39353: check indices are within range - CVE-2023-39356: fix checks for multi opaque rect - CVE-2023-40181: fix cBitsRemaining calculation - CVE-2023-40186: fix integer multiplications - CVE-2023-40188: fix input length validation -...

CVE-2023-39914

The CVE-2023-39914 vulnerability affects NLnet Labs’ bcder library up to version 0.7.2. The root cause is a panic during decoding of certain invalid input data, instead of rejecting it with an error. This can impact both the decoding stage and access to content of types that use delayed decoding....

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. Weve already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...

CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...

[SECURITY] Fedora 35 Update: golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc35

This package provides decoding of basic exif and tiff encoded data...

CVE-2019-14011

CVE-2019-14011 concerns multiple Read overflow issues caused by improper length checks during decoding of 3G attach accept/SMS/PDN connection reject/esm data transport/bearer modify context reject in Qualcomm Snapdragon lineups (Auto, Compute, IoT, Wearables, etc.) across numerous SoCs and produc...

Hacking Hardware Password Managers: Royal Vault Password Keeper

TL;DR: Taking three hardware password managers I used them to: Learn the basics of hardware hacking Practice disassembling Perform chipset research Understand pinouts and protocols Read data off each device The royal password vault boards looked to be reused from a previous hardware device with...