CVE-2026-34253

A flaw was found in the ogg123 utility of the vorbis-tools package. This buffer underflow vulnerability occurs in the remote control functionality when processing malformed input. A remote attacker could exploit this to cause application crashes and potentially achieve arbitrary code execution...

CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

PYSEC-2026-143

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

CVE-2021-22302

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service...

EUVD-2018-8152

Malware in sbrugna...

EUVD-2015-6489

Malware in sbrugna...

EUVD-2019-11449

Malware in sbrugna...

EUVD-2021-2554

Malware in sbrugna...

EUVD-2002-2290

Malware in sbrugna...

EUVD-2022-3656

Malicious code in bioql PyPI...

EUVD-2025-11013

Malicious code in bioql PyPI...

EUVD-2025-23828

Malicious code in bioql PyPI...

PT-2025-29680 · Unknown · Gpt-Sovits-Webui

Name of the Vulnerable Software and Affected Versions: GPT-SoVITS-WebUI versions 20250228v3 and prior Description: GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. A flaw exists due to unsafe deserialization in the vr.py AudioPreDeEcho component. The model choose variable accepts...

CVE-2023-3909

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

CVE-2011-3583

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user inpu...

CVE-2024-7957

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

PT-2023-24570 · WordPress · Read More & Accordion

Name of the Vulnerable Software and Affected Versions: Read More & Accordion WordPress plugin versions prior to 3.2.7 Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, due to the unserialize of user input provide...

CVE-2023-3206

A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched...