glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

UBUNTU-CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

BIT-LIBPHP-2026-7568 Signed integer overflow in metaphone()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

One Search 安全漏洞

One Search is a quick-start search tool developed by One Search Inc. Version 1.1.0.0 of One Search contains a security vulnerability. This vulnerability arises from the search function’s improper handling of extremely long input strings, which may allow local attackers to cause the application to...

UltraVNC Viewer 缓冲区错误漏洞

UltraVNC Viewer is a remote desktop client developed by UltraVNC Corporation. Version 1.2.2.4 of UltraVNC Viewer contains a buffer error vulnerability. This vulnerability stems from a denial-of-service attack on the VNC Server’s input fields, which could allow attackers to cause the application t...

SUSE CVE-2025-14087

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

EUVD-2009-3258

Malware in sbrugna...

EUVD-2018-0201

Malware in sbrugna...

EUVD-2007-0663

Malware in sbrugna...

Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Regular Expression Denial Of Service (ReDoS)

Hugging Face Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the use of a regex pattern /^/^// in the converttfweightnametoptweightname function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...

Regular Expression Denial of Service (ReDoS)

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the SETTINGRE regular expression in /commands/chat.py. An attacker can cause significant performance...

GNU C Library 安全漏洞

The GNU C library is a standard library implementation of C developed by the GNU project to provide core API support for Linux systems, and is the basis for most C programs to run. The GNU C library suffers from a security vulnerability. An attacker could exploit the vulnerability to overwrite...

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory OOM crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree AST, consuming excessive memo...

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2025:0637-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0637-1 advisory. Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Tenable has extracted...

SUSE-SU-2025:0636-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2025:0619-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.20: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

PT-2025-7253 · Elliptic · Elliptic

Name of the Vulnerable Software and Affected Versions: elliptic affected versions not specified Description: The issue allows for private key extraction from ECDSA signatures when signing a malformed input, such as a string or a number, which could come from JSON network input. This is possible...