118 matches found
EUVD-2022-36081
Malicious code in bioql PyPI...
EUVD-2023-54107
Malicious code in bioql PyPI...
CVE-2025-39839
CVE-2025-39839 (Linux kernel): In batman-adv network-coding decode, batman-adv NC code decodes skb data by XORing with coded_len without verifying the source skb length, only checking payload against destination skb length. This can produce a local out-of-bounds read and a small out-of-bounds wr...
CLSA-2025-1758193800 php: Fix of CVE-2020-7067
CVE-2020-7067: fix negative indexing in php_url_decode function...
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
PT-2025-35512
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.1. Description: A vulnerability exists in the decodeUrl2 function of the common/src/main/java/com/jeesite/common/codec/EncodeUtils.java file. This allows for cross site scripting, and the attack can be launch...
Linux Distros Unpatched Vulnerability : CVE-2025-46646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for...
CLSA-2025-1753209049 Fix CVE(s): CVE-2025-4516
SECURITY UPDATE: improper handling of 'decode' function with 'unicode_escape' encoding in bytes - debian/patches/CVE-2025-4516.patch: Fix use-after-free in the 'unicode-escape' decoder with a non-'strict' error handler - CVE-2025-4516...
CVE-2023-51773
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...
CVE-2023-33595
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c...
CVE-2022-43043
GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c...
CVE-2022-33025
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c...
CVE-2019-20910
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011...
CVE-2019-20011
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c...
Open5GS security vulnerability
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A security vulnerability exists in the Open5GS oainas5gmmdecode function, which can be exploited by an attacker to trigger a denial of service (DoS) via a crafted NGAP packe...
CVE-2020-1819
There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when it processes an incoming data packet. Successful exploit of these vulnerabilities...
ALPINE-CVE-2024-46954
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...
ROS-20241001-10
A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...
CVE-2024-21522
All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions, it is not checked for negative values. This can lead to a process crash...