11241 matches found
EUVD-2022-30669
Malicious code in bioql PyPI...
EUVD-2023-1359
Malicious code in bioql PyPI...
EUVD-2025-20473
Malicious code in bioql PyPI...
EUVD-2022-35082
Malicious code in bioql PyPI...
EUVD-2025-6969
Malicious code in bioql PyPI...
EUVD-2022-0964
Malicious code in bioql PyPI...
EUVD-2022-4443
Malicious code in bioql PyPI...
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...
Squid Buffer Overflow Vulnerability (Sep 2025)
Squid is prone to a buffer overflow vulnerability as it mishandles ASN.1 encoding of long SNMP OIDs.
Probeless Vs Probe-Based Variable-Strength Eavesdropping in Quantum Key Distribution
Quantum key distribution (QKD) is a provably secure way of generating a secret key, which can later be used for encoding and decoding information. In this paper we analyze the effects of an eavesdropper's variable-strength measurements on QKD. Two types of measurements have been considered: (i) a...
SUSE CVE-2025-59362
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c...
CVE-2025-59937
Go-mail (github.com/wneessen/go-mail) vulnerable in versions
CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...
CVE-2025-23274
NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service...
go-mail has insufficient address encoding when passing mail addresses to the SMTP client
Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...
GHSA-WPWJ-69CM-Q9C5 go-mail has insufficient address encoding when passing mail addresses to the SMTP client
Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...
CVE-2025-11155
CVE-2025-11155 describes weak encoding for device password: credentials are sent in base64 inside HTTP headers, which is not encryption, allowing an interceptor to obtain them during login. The CVSS vector indicates Adjacent attack vector, Low attack complexity, no privileges, and Active user int...