106 matches found
SUSE CVE-2026-31637
In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets. rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper parsing of the TID-To-Link Mapping element, potentially leading to out-of-bounds reads...
SUSE CVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required...
libnbd parameter injection vulnerability
libnbd is an open source library from libguestfs for editing NBD (Network Block Device) clients. A parameter injection vulnerability exists in libnbd, which stems from incorrect parsing of a specially crafted URI and could lead to arbitrary code execution...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper parsing of tool call inputs, which allows an attacker to execute arbitrary code through crafted payloads...
EUVD-2017-7341
Malware in sbrugna...
EUVD-2006-6284
Malware in sbrugna...
EUVD-2022-51432
Malicious code in bioql PyPI...
EUVD-2024-49613
Malicious code in bioql PyPI...
phonenumber security vulnerability
phonenumber is a Whisperfish open source library for parsing, formatting and validating international phone numbers. A security vulnerability exists in phonenumber versions prior to 1.2.2 that stems from the phonenumbers.Parse function not properly validating input syntax, which could lead to an...
NewStart CGSL MAIN 7.02 : xdg-utils Vulnerability (NS-SA-2025-0195)
The remote NewStart CGSL host, running version MAIN 7.02, has xdg-utils packages installed that are affected by a vulnerability: - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not...
CVE-2020-6655
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to an out-of-bounds remote code execution vulnerability. A malicious entity can execute malicious code or make the application crash by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises du...
h11: h11 accepts some malformed Chunked-Encoding bodies
A flaw was found in h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators...
Cross-site Scripting (XSS)
golang.org/x/net is vulnerable to improper parsing logic. The vulnerability is due to incorrect tag interpretation in unquoted attribute values ending with a solidus / being mistakenly marked as self-closing, especially in foreign content like or . which allows attackers to exploit content in the...
HTTP Request Smuggling
github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...
SUSE CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
Server-side Request Forgery (SSRF) in hackney
Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by the URI built-in module and hackney. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney will...
CVE-2023-6602
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists...
FFmpeg security vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An information disclosure vulnerability exists in FFmpeg, which stems from incorrect parsing of non-TTY-compliant input files in HLS playlists, and can be exploited by an attacker to cause ...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation: Upgrade...