Lucene search

14 matches found

Snyk
added 2026/04/18 1:25 a.m. | 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the FormFlag field due to missing bounds checking before reading data. An attacker can cause information disclosure or application instability by supplying crafted input...

CVSS 5.2 | AI score 5.8 | EPSS 0.00009
Exploits 0 | References 2
Snyk
added 2026/04/12 7:7 p.m. | 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Nikon MakerNote handling process. An attacker can cause crashes or leak information by triggering an unsigned 32-bit integer overflow. This is only exploitable if the system is 32-bit. Remediation: A...

CVSS 7.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
Snyk
added 2026/04/09 6:30 a.m. | 5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: mcp-server-taskwarrior is an MCP server for taskwarrior. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the server.setRequestHandler function. An attacker can execute arbitrary command...

CVSS 5.3 | AI score 6 | EPSS 0.00372
Exploits 0 | References 2
Snyk
added 2026/04/02 4:57 p.m. | 1 views

Unprotected Alternate Channel

Overview: Affected versions of this package are vulnerable to Unprotected Alternate Channel due to the omission of confirmation in proxy-mode multiplexing sessions. An attacker can cause unintended data handling by establishing a multiplexed session without explicit confirmation when specific and...

CVSS 2.5 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 2
Snyk
added 2026/03/27 10:32 p.m. | 0 views

Incorrect Authorization

Overview: @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the requireMention process. An attacker can trigger agent-visible system events in group chats that are intended to be mention-gated by sending...

CVSS 5.3 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 3
Snyk
added 2026/03/25 9:56 p.m. | 3 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the save function. An attacker can extract sensitive information from the database and insert arbitrary data by submitting crafted input to the...

CVSS 7.1 | AI score 6.1 | EPSS 0.00029
Exploits 1 | References 2
Snyk
added 2026/03/04 10:9 p.m. | 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/server/shutdown endpoint handler. An attacker can repeatedly terminate the server process by sending requests to this endpoint, resulting in continuous server downtime and service disruption. Remediati...

CVSS 8.7 | AI score 7.2 | EPSS 0.00021
Exploits 0 | References 2
Snyk
added 2026/02/24 3:36 p.m. | 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the ClonePixelCacheRepository function. An attacker can cause a crash of the application by supplying a specially crafted image file. Remediation: A fix was pushed into the master branch but not yet published...

CVSS 7.5 | AI score 5.9 | EPSS 0.00065
Exploits 0 | References 2
Snyk
added 2026/02/03 6:30 p.m. | 1 views

Command Injection

Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Command Injection via the project files import process. An attacker can execute arbitrary system commands by uploading a crafted project file containing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00467
Exploits 0 | References 2
Snyk
added 2026/02/02 10:47 a.m. | 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in regexec.c, which allows an attacker to read arbitrary heap memory, including pointers and sensitive strings. Remediation: A fix was pushed into the master branch but not yet published. References: Debian Security...

CVSS 6.9 | AI score 8.5 | EPSS 0.00697
Exploits 0 | References 2
Snyk
added 2025/12/28 10:45 p.m. | 2 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgpipelinedescdefaults function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation: A fix was pushed into the...

CVSS 7.8 | AI score 7.9 | EPSS 0.00026
Exploits 1 | References 2
Snyk
added 2025/09/26 12:0 a.m. | 0 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via improper handling of memory buffers in asnbuildobjid in lib/snmplib/asn1.c. An attacker can cause a denial of service by sending specially crafted input that triggers a buffer overflow. Remediation: A fix...

CVSS 8.8 | AI score 7 | EPSS 0.00175
Exploits 1 | References 2
Snyk
added 2025/08/12 5:44 p.m. | 2 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the CBOR data processing. An attacker can gain elevated privileges by providing specially crafted input that triggers excessive recursive calls. Remediation: A fix was pushed into t...

CVSS 6.7 | AI score 7 | EPSS 0.0003
Exploits 0 | References 2
Snyk
added 2025/01/22 7:42 p.m. | 1 views

Out-of-bounds Write

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending...

CVSS 8.8 | AI score 7 | EPSS 0.00637
Exploits 0 | References 2