35 matches found
CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability...
CVE-2025-51663
A vulnerability found in the IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass IP-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share...
EUVD-2021-27343
Malware in sbrugna...
EUVD-2025-25676
Malicious code in bioql PyPI...
EUVD-2021-30903
Malicious code in bioql PyPI...
EUVD-2023-48160
Malicious code in bioql PyPI...
CVE-2025-54494
Summary: The Biosig Project libbiosig 3.9.0 and the Master branch contain a stack-based buffer overflow in the MFER parsing path. Specifically, biosig.c at line 9205 with tag 133 (0x85) causes a buffer overrun when processing MFER files, enabling arbitrary code execution. The vulnerability detail...
CVE-2025-23295
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary: When parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread to roll the file over to disk. This blocks the event thread, which means we can't accept new connections. Details: Please see this discussion for details:...
SUSE CVE-2021-47433
In the Linux kernel, the following vulnerability has been resolved: "btrfs: fix abort logic in btrfs_replace_file_extents". Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide...
CVE-2024-20742 Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2023-37921
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary...
CVE-2023-25002
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...
CVE-2023-27399
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
CVE-2023-27398
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
Malicious Package
Overview: ceedee is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components, and it aims to trick users into downloading the package, which contains malicious code. This package exfiltrates user data such...
PT-2022-26666 · Autodesk · Designreview.Exe
Name of the Vulnerable Software and Affected Versions: DesignReview.exe (affected versions not specified). Description: A maliciously crafted TGA file consumed through the DesignReview.exe application could lead to memory corruption, potentially allowing code execution in the context of the current...
CVE-2022-41306
A maliciously crafted PCT file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
PT-2021-11564 · Prusa +1 · Prusaslicer +1
Name of the Vulnerable Software and Affected Versions: PrusaSlicer version 2.2.0; PrusaSlicer Master commit 4b040b856. Description: A use-after-free issue exists in the _3MF_Importer::_handle_end_model functionality. This can be triggered by a specially crafted 3MF file, potentially leading to code...
About the security content of iOS 14.7 and iPadOS 14.7
This document describes the security content of iOS 14.7 and iPadOS 14.7. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...