CVE-2026-8997

CVE-2026-8997 : vifm is vulnerable to a heap buffer overflow during the history merge when saving the state file (vifminfo.json). The flaw arises from a missing runtime length check on history entries in release builds, allowing a crafted long path or command in history to cause memory corruption...

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

CVE-2025-47784

Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2023-52138

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...

CVE-2022-29339

In GPAC 2.1-DEV-rev87-g053aae8-master, function BSReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...

RUSTSEC-2021-0112 `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

CVE-2020-24978

In NASM 2.15.04rc3, there is a double-free vulnerability in pptokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7...

DEBIAN-CVE-2018-1999011

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asfo format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be...

DEBIAN-CVE-2018-1999010

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...

systemd (systemd-tmpfiles) < 236 - fs.protected_hardlinks=0 Local Privilege Escalation Vulnerabil

Exploit for linux platform in category local exploits Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart Poettering who, instead of...