74050 matches found
tinytag 安全漏洞
Tinytag is a Python library developed by Tinytag that reads metadata from audio files. Version 2.2.0 of Tinytag contains a security vulnerability. This vulnerability stems from an incorrect assumption during the parsing of ID3v2 SYLT frames, which may lead to non-terminating loops and cause...
Full Network Nonlocality Based Security in Quantum Key Distribution
In the last decade research of quantum nonlocality has moved beyond the regime of standard Bell nonlocality to consider network-based experimental set-ups involving multiple independent sources. Notion of full network nonlocality has emerged as some truly network phenomena that cannot be realized...
astral-tokio-tar 安全漏洞
astral-tokio-tar is an open-source Rust library developed by Astral. Versions of astral-tokio-tar 0.5.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a silent skipping of format-errors PAX extensions during the parsing of tar archives. Such behavior could potential...
libde265 缓冲区错误漏洞
libde265 is a video codec developed by Struktur AG as open source. Versions of libde265 prior to 1.0.17 contained a buffer error vulnerability. This vulnerability arises from out-of-bounds heap writes when processing specially crafted HEVC bitstreams...
PT-2026-26760
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.54 Parse Server versions prior to 9.6.0-alpha.43 Description Parse Server contains a flaw where an attacker can subscribe to LiveQuery using a watch parameter that targets a protected field. While the actual...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 146.0.7680.153, there was a vulnerability related to input validation. This vulnerability stemmed from integer overflow in the ANGLE component, which could allow remote attackers to exploit heap corruption through...
KLA90954 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Integer underflow vulnerability in Dawn can be exploited to cause denial of service. 2. Out of bounds memory read...
Gainsight Assist 安全漏洞
Gainsight Assist is a customer communication template management tool developed by Gainsight Inc. There is a security vulnerability in Gainsight Assist, which stems from improper handling of the errordescription parameter. This vulnerability may lead to reflective cross-site scripting attacks...
free5GC 输入验证错误漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.2.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from excessive slicing access within the CHF nchf-convergedcharging service, which could lea...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of UDM errors; when a downstream error of 400 was converted to an error of 500, it could lea...
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
PT-2026-26768
Name of the Vulnerable Software and Affected Versions Syft versions prior to 1.42.3 Description Syft did not properly remove temporary files if temporary storage became full during a scan. This occurred when unpacking archives, specifically with large or highly compressed archives. The issue caus...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
EUVD-2026-13330
OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...
CVE-2026-32008
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-4428
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...
CVE-2026-4428
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...