Lucene search

2839 matches found

Redos
added 2026/02/09 12:0 a.m. | 3 views

ROS-20260209-73-0007

A vulnerability in the bytes.decode function of CPython, the Python programming language interpreter, is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00209
Exploits: 0

Redos
added 2026/02/09 12:0 a.m. | 2 views

ROS-20260209-73-0005

A vulnerability in the bytes.decode function of CPython, the Python programming language interpreter, is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00209
Exploits: 0

Redos
added 2026/02/09 12:0 a.m. | 4 views

ROS-20260209-73-0008

A vulnerability in the bytes.decode function of CPython, the Python programming language interpreter, is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.00209
Exploits: 0

Snyk
added 2026/02/06 5:59 p.m. | 3 views

Command Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to Command Injection via the decodeP7M function. An attacker can execute arbitrary system commands on the server by uploading a ZIP archiv...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.00133
Exploits: 3 | References: 2

Vulnrichment
added 2026/02/06 11:2 a.m. | 3 views

CVE-2026-2016 happyfish100 libfastcommon base64.c base64_decode stack-based overflow

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00016
Exploits: 1 | References: 8

CVE
added 2026/02/06 11:2 a.m. | 7 views

CVE-2026-2016

CVE-2026-2016 affects happyfish100 libfastcommon up to version 1.0.84. The vulnerability is in the base64_decode function in src/base64.c, causing a stack-based buffer overflow. Local access is required to exploit. Public disclosure of the exploit is noted. The patch identifier is 82f66af3e252e3e...

CVSS: 7.8 | AI score: 5.3 | EPSS: 0.00016
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2026/02/06 11:2 a.m. | 26 views

CVE-2026-2016 happyfish100 libfastcommon base64.c base64_decode stack-based overflow

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

CVSS: 5.3 | EPSS: 0.00016
Exploits: 1 | References: 8

EUVD
added 2026/02/06 11:2 a.m. | 3 views

EUVD-2026-5685

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00016
Exploits: 1 | References: 8

Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6717

Name of the Vulnerable Software and Affected Versions: happyfish100 libfastcommon versions up to 1.0.84. Description: A security issue exists in happyfish100 libfastcommon up to version 1.0.84. The base64 decode function within the src/base64.c file is susceptible to a stack-based buffer overflow...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00016
Exploits: 1 | References: 13

CNNVD
added 2026/02/06 12:0 a.m. | 3 views

libfastcommon security vulnerability

libfastcommon is a C language code library developed by YuQing personally. Versions of libfastcommon prior to 1.0.84 contained security vulnerabilities. These vulnerabilities stemmed from incorrect operations on the base64decode function in the src/base64.c file, which could lead to stack-based...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00016
Exploits: 1 | References: 8

RedHat Linux
added 2026/02/05 11:53 a.m. | 3 views

freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00197
Exploits: 1 | References: 8

RedHat Linux
added 2026/02/05 10:29 a.m. | 4 views

freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can trigger a client-side heap buffer overflow in the ClearCodec bands decode path. This vulnerability, caused by crafted band coordinates, allows writes past the end of the destination surface...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00197
Exploits: 1 | References: 8

OSV
added 2026/02/02 8:42 a.m. | 4 views

BIT-DISCOURSE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00104
Exploits: 0 | References: 2

Github Security Blog
added 2026/01/30 9:30 p.m. | 4 views

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00007
Exploits: 0 | References: 5 | Affected Software: 1

AlpineLinux
added 2026/01/30 6:57 p.m. | 6 views

CVE-2025-62348

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00007
Exploits: 0

EUVD
added 2026/01/30 6:57 p.m. | 2 views

EUVD-2025-206569

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00007
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/29 9:21 p.m. | 2 views

CVE-2025-68934

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00104
Exploits: 0 | References: 1

OSV
added 2026/01/28 8:39 p.m. | 4 views

GHSA-RVXJ-7F72-MHRX EGroupware has SQL Injection in Nextmatch Filter Processing

Summary: Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing. A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00057
Exploits: 3 | References: 5

Cvelist
added 2026/01/28 7:19 p.m. | 21 views

CVE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS: 6.5 | EPSS: 0.00104
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/28 7:19 p.m. | 3 views

CVE-2025-68934

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00104
Exploits: 0 | References: 2 | Affected Software: 1