EUVD-2024-39871
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the elfswapshdr function in bfd/elfcode.h of the Linker component. An attacker can execute arbitrary code or cause a denial of service by providing crafted input that triggers a heap-based buffer overflow...
php: Single byte overread with convert.quoted-printable-decode filter
A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...
CVE-2025-3753
The CVE-2025-3753 issue affects the ROS rosbag tool, specifically ROS Noetic Ninjemys and earlier. The root cause is the use of Python’s eval() to process unsanitized, user-supplied input within the rosbag filter command, enabling potential arbitrary Python code execution. Documents consistently ...
BIT-JOOMLA-2024-40747 [20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
BIT-JOOMLA-2024-40743 [20240805] - Core - XSS vectors in Outputfilter::strip* methods
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14383)
FreeFloat FTP Server is FTP server software developed by FreeFloat Inc. A buffer overflow vulnerability exists in FreeFloat FTP Server. The vulnerability stems from the failure of the SEND command handler to properly process user input, and no details of the vulnerability are provided at this...
CVE-2024-40747
Various module chromes didn't properly process inputs, leading to XSS vectors...
CVE-2022-41783
tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function...
CVE-2022-46904
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS...
CVE-2022-22673
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service...
CVE-2022-46906
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...
CVE-2020-6590
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...
CVE-2019-0792
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795...
CVE-2019-0790
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795...
CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is server software for the File Transfer Protocol (FTP). A buffer overflow vulnerability exists in PCMan FTP Server that stems from the MPUT Command Handler failing to properly process input data when processing a specific request. No vulnerability details are available at...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is FTP server software that provides file transfer services. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the failure of the HOST Command Handler module to properly process input when handling a specific request. No detailed vulnerability detai...
CVE-2024-13896
CVE-2024-13896 affects WP-GeSHi-Highlight for WordPress up to version 1.4.3. The plugin processes user-supplied input as a regular expression in wp_geshi_filter_replace_code(), which could trigger a Regular Expression Denial of Service (ReDoS). This is described in multiple connected records (inc...
CVE-2024-53030
Memory corruption while processing input message passed from FE driver...