345 matches found

RedhatCVE
added 3 days ago, 7 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...

CVSS 5.9, AI score 5.7, EPSS 0.00367
Exploits: 0, References: 4

Fedora
added 2026/05/10 2:55 a.m., 12 views

[SECURITY] Fedora 44 Update: python-requests-2.33.1-1.fc44

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

CVSS 5.5, AI score 5.8, EPSS 0.00182
Exploits: 0

NVD
added 2026/03/22 2:16 p.m., 3 views

CVE-2019-25617

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter...

CVSS 6.9, EPSS 0.00127
Exploits: 0, References: 4

Cvelist
added 2026/03/22 1:38 p.m., 30 views

CVE-2019-25617 Ease Audio Converter 5.30 Denial of Service via Audio Cutter

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter...

CVSS 6.9, EPSS 0.00127
Exploits: 0, References: 4

Vulnrichment
added 2026/03/22 1:38 p.m., 3 views

CVE-2019-25617 Ease Audio Converter 5.30 Denial of Service via Audio Cutter

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter...

CVSS 6.9, AI score 6, EPSS 0.00127
Exploits: 0, References: 4

CVE
added 2026/03/22 1:38 p.m., 12 views

CVE-2019-25617

The CVE-2019-25617 entry involves Ease Audio Converter 5.30, specifically the Audio Cutter function. A crafted MP4 file with an oversized buffer can be loaded via the Audio Cutter interface, enabling a local attacker to crash the application (denial of service). The issue is described as a local,...

CVSS 6.9, AI score 6, EPSS 0.00127
Exploits: 0, References: 4

Positive Technologies
added 2026/03/22 12:0 a.m., 5 views

PT-2026-27005

Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter...

CVSS 6.9, AI score 6, EPSS 0.00127
Exploits: 0, References: 5

CNNVD
added 2026/03/22 12:0 a.m., 5 views

Audiotool Ease Audio Converter Security Vulnerability

Audiotool Ease Audio Converter is an audio format conversion tool developed by Audiotool Corporation. Version 5.30 of Audiotool Ease Audio Converter has a security vulnerability. This vulnerability stems from a denial-of-service attack in the audio editing function, which may allow local attacker...

CVSS 6.9, AI score 5.8, EPSS 0.00127
Exploits: 0, References: 4

RedhatCVE
added 2026/03/10 11:48 p.m., 2 views

CVE-2026-31808

A flaw was found in file-type, a library for detecting file types. A remote attacker can exploit this by providing a specially crafted ASF (Advanced Systems Format) file. When parsing the file, a zero-sized sub-header can trigger an infinite loop, leading to a Denial of Service (DoS). This can stall...

CVSS 5.3, AI score 5.6, EPSS 0.00325
Exploits: 0, References: 5

RedhatCVE
added 2026/03/10 9:36 p.m., 3 views

CVE-2026-23868

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

CVSS 7, AI score 6.1, EPSS 0.00112
Exploits: 0, References: 5

RedhatCVE
added 2026/03/10 6:28 a.m., 4 views

CVE-2026-28691

A flaw was found in ImageMagick. This vulnerability, an uninitialized pointer dereference, exists in the JBIG decoder due to a missing check. A remote attacker could exploit this by providing a specially crafted image file, leading to a denial of service. This could make the ImageMagick applicati...

CVSS 7.5, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 4

RedhatCVE
added 2026/03/09 9:34 p.m., 2 views

CVE-2026-27139

A path traversal flaw has been discovered in the golang os module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...

CVSS 2.5, AI score 5.7, EPSS 0.00201
Exploits: 0, References: 7

RedhatCVE
added 2026/03/09 6:31 p.m., 3 views

CVE-2026-30851

A flaw was found in the Caddy server platform, specifically within its reverse proxy module. The 'forward_auth copy_headers' functionality fails to properly strip client-supplied headers. This oversight allows a remote attacker to inject malicious headers, leading to identity injection and...

CVSS 8.8, AI score 5.6, EPSS 0.00249
Exploits: 1, References: 2

RedhatCVE
added 2026/03/06 11:55 p.m., 4 views

CVE-2025-69651

A flaw was found in binutils. An attacker could exploit this vulnerability by providing a crafted Executable and Linkable Format (ELF) binary with malformed relocation or symbol data. Processing this malicious binary leads to an invalid pointer free, which triggers memory corruption checks and caus...

CVSS 5.5, AI score 5.6, EPSS 0.0024
Exploits: 1, References: 5

RedhatCVE
added 2026/03/06 6:26 p.m., 3 views

CVE-2026-26017

A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) fla...

CVSS 7.7, AI score 5.6, EPSS 0.00305
Exploits: 0, References: 5

RedhatCVE
added 2026/03/05 8:25 p.m., 4 views

CVE-2026-26999

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security (TLS) record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...

CVSS 7.5, AI score 5.7, EPSS 0.00475
Exploits: 0, References: 6

RedhatCVE
added 2026/03/04 11:49 p.m., 6 views

CVE-2026-2297

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. Th...

CVSS 5.7, AI score 5.7, EPSS 0.00202
Exploits: 0, References: 8

RedhatCVE
added 2026/03/03 11:23 p.m., 8 views

CVE-2026-0540

A cross-site scripting flaw has been discovered in the DOMPurify npm library. This flaw allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like in attribute...

CVSS 6.1, AI score 5.3, EPSS 0.0034
Exploits: 0, References: 6

RedhatCVE
added 2026/02/27 11:37 p.m., 5 views

CVE-2026-28422

A flaw was found in Vim, an open-source command-line text editor. A local user could exploit a stack-buffer-overflow vulnerability in the build_stl_str_hl function by rendering a statusline with a multi-byte fill character on a very wide terminal. This could lead to an integrity impact, where data...

CVSS 2.2, AI score 5.6, EPSS 0.00142
Exploits: 0, References: 6

RedhatCVE
added 2026/02/27 11:37 p.m., 5 views

CVE-2026-28417

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system (OS) command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

CVSS 7.8, AI score 5.9, EPSS 0.01162
Exploits: 0, References: 6