EUVD-2025-18390

Malicious code in bioql PyPI...

EUVD-2025-16260

Malicious code in bioql PyPI...

EUVD-2025-16217

Malicious code in bioql PyPI...

SUSE CVE-2023-53450

In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUGON in ext4mbreleasegrouppa If a malicious fuzzer overwrites the ext4 superblock while it is mounted such that the sfirstdatablock is set to a very large number, the calculation of the block group can underflow,...

American Fuzzy Lop plus plus 4.34c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

OSV-2025-762 Use-of-uninitialized-value in fuzzer_send

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=445773944 Crash type: Use-of-uninitialized-value Crash state: fuzzersend SendBuffered SendFinished...

Linux Distros Unpatched Vulnerability : CVE-2025-38710

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 a...

OSV-2025-684 Heap-buffer-overflow in TGAHandler::read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=440585455 Crash type: Heap-buffer-overflow WRITE 4 Crash state: TGAHandler::read kimgiofuzzer.cc...

PT-2025-46597

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to Model Specific Registers MSRs access during performance monitoring. Specifically, an incorrect check in the intel pmu acr late setup helper...

OSV-2025-634 Null-dereference READ in [email protected]

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438294044 Crash type: Null-dereference READ Crash state: [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2023-52742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as...

OSV-2025-581 UNKNOWN READ in tidy_fuzzer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434741279 Crash type: UNKNOWN READ Crash state: tidyfuzzer...

aflnet

It is an offensive tool for network protocols. AFLNet is a greybox fuzzer for protocol implementations. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between...

PT-2025-33038 · Git · Libavc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428771938 Crash type: Heap-use-after-free READ 16 Crash state: ih264 inter pred luma horz ssse3 ih264d motion compensate mp isvcd decode recon tfr nmb non base lyr...

FrameShift: Learning to Resize Fuzzer Inputs without Breaking Them

Coverage-guided fuzzers are powerful automated bug-finding tools. They mutate program inputs, observe coverage, and save any input that hits an unexplored path for future mutation. Unfortunately, without knowledge of input formats--for example, the relationship between formats' data fields and...

RVISmith: Fuzzing Compilers for RVV Intrinsics

Modern processors are equipped with single instruction multiple data SIMD instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...

American Fuzzy Lop plus plus 4.33c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

CVE-2022-49985 bpf: Don't use tnum_range on array range checking for poke descriptors

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...

CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...