CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

CVE-2024-14031 Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

Sereal::Encoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

CVE-2024-14031

CVE-2024-14031 affects Sereal::Encoder versions 4.000–4.009_002 for Perl, which embeds the Zstandard (zstd) library vulnerable to CVE-2019-11922. The vulnerability is a race-condition in Zstandard’s one-pass compression, allowing out-of-bounds writes when the output buffer is smaller than recomme...

CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

PT-2026-29223

Name of the Vulnerable Software and Affected Versions Sereal::Encoder versions 4.000 through 4.009 002 Description Sereal::Encoder for Perl includes a vulnerable version of the Zstandard zstd library. A race condition exists in the one-pass compression functions of Zstandard versions prior to...

Sereal::Encoder 安全漏洞

Sereal::Encoder is a coding module developed by YVES’s individual developers, designed to convert data into high-performance binary serialization formats. Versions 4.000 to 4.009002 of Sereal::Encoder contain security vulnerabilities. These vulnerabilities stem from a buffer out-of-bounds write...

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +8 more potentially affected by CVE-2026-33940 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =1.31.0, =1.37.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33940 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803087...

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +8 more potentially affected by CVE-2026-33939 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =1.31.0, =1.37.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33939 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15807043...

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +8 more potentially affected by CVE-2026-33938 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =1.31.0, =1.37.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33938 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803083...

GHSA-F359-R3PV-2PHF AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

Summary isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by redirecting from a public URL to an internal target. Root Cause Check-time:...

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

CVE-2026-33482

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...

CVE-2019-25650 River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow

River Past CamDo 3.7.6 contains a structured exception handler SEH buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lameenc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SE...

River Past CamDo 缓冲区错误漏洞

River Past CamDo is a screen recording and camera capture tool developed by River Past Corporation. Version 3.7.6 of River Past CamDo contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the structured exception handler, which may allow local attackers to...

PT-2026-28536

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo, an open source video platform, is susceptible to a Server-Side Request Forgery SSRF bypass. The isSSRFSafeURL function validates URLs against private IP ranges before fetching, but t...

GHSA-8WF4-C4X3-H952 AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL

Summary The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing an invalid resolution parameter, an attacker triggers an early die via...

AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL

Summary The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing an invalid resolution parameter, an attacker triggers an early die via...

MGASA-2026-0067 Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick has a stack write buffer overflow in MNG encoder. CVE-2026-28690 GraphicsMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder. CVE-2026-30883...

Updated graphicsmagick packages fix security vulnerabilities

GraphicsMagick has a stack write buffer overflow in MNG encoder. CVE-2026-28690 GraphicsMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder. CVE-2026-30883...

CVE-2026-33717

Summary: CVE-2026-33717 affects WWBN AVideo (versions up to 26.0). The vulnerability in the downloadVideoFromDownloadURL() function stores remote content in a web-accessible temp directory using the original URL filename/extension (including .php). By passing an invalid resolution parameter, an a...