24 matches found
CVE-2026-49197
The CVE affects web endpoints used by the Acer Connect app, where the Authorization header is not properly validated. The underlying issue is improper handling of Base64 decoding failures, allowing requests that should be blocked. CVSS indicates a CRITICAL impact with high consequences for confid...
CVE-2026-42579
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...
CVE-2026-42579
Summary: CVE-2026-42579 affects the Netty framework’s DNS codec. Affected versions: prior to 4.2.13.Final and 4.1.133.Final. Root cause: DNS encoding/decoding did not enforce RFC 1035 domain name constraints. Impact: potential bidirectional attack surface via malicious DNS responses (decoder) or ...
[SECURITY] Fedora 44 Update: python-cbor2-5.6.5-8.fc44
This library provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 7049) serialization format...
Advisory ROSA-SA-2025-3064
Software: libwebp 1.0.0 OS: ROSA Virtualization 2.1 unaffected versions = libwebp-1.0.0.0-10.0.1.rv3 affected versions libwebp-1.0.0.0-10.0.1.rv3 CVE-ID: CVE-2023-4863 BDU-ID: TO600, TO601, TO675, TO797, TO826 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the libwebp library for WebP image...
pentestdb
This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...
libtasn1 security update
An update is available for libtasn1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A library that provides Abstract Syntax Notation One (ASN.1), as specified by...
[SECURITY] Fedora 42 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc42
Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries...
ALSA-2025:9118 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder (CVE-2025-5283). For more details about the security issues, including the impac...
Privacy-Aware Berrut Approximated Coded Computing Applied to General Distributed Learning
Coded computing is one of the techniques that can be used for privacy protection in Federated Learning. However, most of the constructions used for coded computing work only under the assumption that the computations involved are exact, generally restricted to special classes of functions, and...
A vulnerability in the OpenJPEG image encoding and decoding library, related to uncontrolled resource consumption, allows an attacker to cause a denial of service.
The vulnerability in the OpenJPEG image encoding and decoding library is related to uncontrolled resource consumption. Exploiting it can allow an attacker to cause a denial of service using a specially crafted file...
CVE-2024-41951
The CVE-2024-41951 issue affects Pheonix App (PheonixAppAPI) where the map of encoding/decoding languages is visible in the source, described as a moderate impact vulnerability. Root cause: encoding/decoding language mappings exposed in code. Affected versions were prior to 0.2.4, with a patch re...
Command Injection
ImageMagick is vulnerable to Command Injection. The vulnerability exists via the video:vsync or video:pixel-format options in VIDEO encoding/decoding, which allows an attacker to inject and execute arbitrary code on the system...
CVE-2023-34153
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding...
apr-util: out-of-bounds writes in the apr_base64
A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...
PT-2023-3439 · Unknown +2 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick (affected versions not specified). Description: A security flaw in ImageMagick causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. This issue is related to the lack...
Libsixel invalid read vulnerability
libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. libsixel suffers from an invalid read vulnerability that can be exploited by attackers to cause a denial of service (DoS) via a specially crafted PSD file...
A vulnerability in the libwebp library for encoding and decoding WebP images, related to a heap buffer overflow, allows attackers to execute arbitrary code.
The vulnerability in the libwebp library for encoding and decoding WebP images is related to a heap buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by creating a specially crafted file...
A vulnerability in the libwebp library for encoding and decoding WebP images, related to uncontrolled resource consumption, allows attackers to cause a denial of service.
The vulnerability in the libwebp library for encoding and decoding WebP images is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
A vulnerability in the OpenJPEG image encoding and decoding library, caused by insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the src/lib/openjp2/t2.c file of the OpenJPEG image encoding and decoding library exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...