Lucene search

4737 matches found

NVD
added 2025/12/13 4:16 p.m., 1 views

CVE-2025-14606

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

CVSS 5, EPSS 0.00055
Exploits 0, References 4
CVE
added 2025/12/13 12:32 p.m., 11 views

CVE-2025-14606

CVE-2025-14606 affects tiny-rdm (up to version 1.2.5). The vulnerability lies in the Pickle Decoding component, specifically pickle_convert.go’s pickle.loads, enabling deserialization and a potentially remote attack. The CVE notes remote initiation, with high attack complexity and publicly disclo...

CVSS 5, AI score 4.8, EPSS 0.00055
Exploits 0, References 4
Cvelist
added 2025/12/13 12:32 p.m., 22 views

CVE-2025-14606 tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

CVSS 5, EPSS 0.00055
Exploits 0, References 4
CNNVD
added 2025/12/13 12:0 a.m., 3 views

Tiny RDM Code Issue Vulnerability

Tiny RDM is a desktop manager by Lykin Personal Developers. A code issue vulnerability exists in Tiny RDM 1.2.5 and earlier versions, which stems from a deserialization issue in the pickle.loads function of the pickle_convert.go file in the Pickle Decoding component, which could lead to remote...

CVSS 5, AI score 5.4, EPSS 0.00055
Exploits 0, References 5
Fedora
added 2025/12/12 1:33 a.m., 4 views

[SECURITY] Fedora 43 Update: dr_libs-0^20251201.877b096-1.fc43

Single-file audio decoding libraries for C/C++...

AI score 7
Exploits 0
OSV
added 2025/12/11 9:15 p.m., 1 views

UBUNTU-CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVSS 5.3, AI score 5.8, EPSS 0.00019
Exploits 0, References 4
Cvelist
added 2025/12/11 8:58 p.m., 24 views

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVSS 5.3, EPSS 0.00019
Exploits 0, References 2
OSV
added 2025/12/09 8:14 p.m., 0 views

USN-7918-1 netty vulnerabilities

Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. CVE-2025-58056 Jonas Konrad discovered that Netty did not properly manage memory...

CVSS 7.5, AI score 5.8, EPSS 0.00097
Exploits 2, References 3
NVD
added 2025/12/08 5:16 p.m., 2 views

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5, EPSS 0.00045
Exploits 0, References 1
ATTACKERKB
added 2025/12/08 4:57 p.m., 1 views

CVE-2025-48631

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5, AI score 6.1, EPSS 0.00045
Exploits 0, References 5, Affected Software 1
OSV
added 2025/12/05 6:15 p.m., 3 views

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

CVSS 8.9, AI score 6.7, EPSS 0.00019
Exploits 0, References 4
Tenable Nessus
added 2025/12/05 12:0 a.m., 2 views

openSUSE 16 Security Update : python-cbor2 (openSUSE-SU-2025-20133-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20133-1 advisory. - CVE-2025-64076: Fixed bug in decodedefinitelongstring that causes incorrect chunk length calculation bsc1253746. Already fixed in release 5.6....

CVSS 7.5, AI score 7.4, EPSS 0.01094
Exploits 2, References 6
CISA KEV Catalog
added 2025/12/05 12:0 a.m., 17 views

Meta React Server Components Remote Code Execution Vulnerability

Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with...

CVSS 10, AI score 7.9, EPSS 0.83197
In wild, Exploits 377
RedhatCVE
added 2025/12/04 12:11 a.m., 3 views

CVE-2025-53965

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking...

CVSS 5.3, AI score 6.9, EPSS 0.00061
Exploits 0, References 1
Packet Storm
added 2025/12/04 12:0 a.m., 253 views

Samsung QuramDng Out-Of-Bounds Write

Samsung QuramDng has an invalid LossyJpeg component assumption that leads to an out-of-bounds write. BACKGROUND Samsung Android uses an internal DNG decoding library, QuramDng in libimagecodec.quram.so, to decode images in com.samsung.ipservice and com.samsung.gallery3d. Samsung Gallery will deco...

CVSS 10, AI score 6.9, EPSS 0.04417
Exploits 9
RedhatCVE
added 2025/12/03 2:2 p.m., 3 views

CVE-2025-21072

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

CVSS 5.7, AI score 6.5, EPSS 0.0001
Exploits 0, References 1
Tenable Nessus
added 2025/12/03 12:0 a.m., 2 views

RockyLinux 8 : container-tools:rhel8 (RLSA-2023:2758)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2758 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-196...

CVSS 7.5, AI score 7.2, EPSS 0.00331
Exploits 5, References 29
CVE
added 2025/12/03 12:0 a.m., 9 views

CVE-2025-53965

The CVE-2025-53965 entry concerns a lack of bounds checking in the function that decodes the SOR transparent container, affecting Samsung Mobile Processor, Wearable Processor, and Modem Exynos lines (models including 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930,...

CVSS 5.3, AI score 6.5, EPSS 0.00061
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/12/03 12:0 a.m., 2 views

CVE-2025-53965

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking...

AI score 6.5, EPSS 0.00061
Exploits 0, References 2
Positive Technologies
added 2025/12/03 12:0 a.m., 2 views

PT-2025-48963

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 990 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 850 Samsung Mobile Processor, Wearable...

CVSS 5.3, AI score 6.4, EPSS 0.00061
Exploits 0, References 7