
11622 matches found

CVE
added 2025/09/02 12:0 a.m., 15 views

CVE-2025-57611

CVE-2025-57611 affects rust-ffmpeg 0.3.0 (post-commit 5ac0527). The issue is a null pointer dereference in the dump() function caused by not checking the return value of avfilter_graph_dump(), which can crash the process if memory allocation fails. The connected sources confirm the vulnerability ...

5.3 CVSS, 6.4 AI score, 0.00251 EPSS
Exploits 1, References 1, Affected Software 1

RedhatCVE
added 2025/09/01 2:16 p.m., 5 views

CVE-2008-20001

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although t...

7.5 CVSS, 8 AI score, 0.01024 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/08/31 12:4 a.m., 7 views

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

9.8 CVSS, 8.8 AI score, 0.00591 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle. In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine whether...

9.8 CVSS, 7.4 AI score, 0.00648 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/08/30 6:17 p.m., 3 views

CVE-2025-54370

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

8.7 CVSS, 6.4 AI score, 0.00741 EPSS
Exploits 0, References 1

NVD
added 2025/08/30 2:15 p.m., 4 views

CVE-2008-20001

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although t...

7.5 CVSS, 0.01024 EPSS
Exploits 0, References 6

CVE
added 2025/08/30 1:42 p.m., 11 views

CVE-2008-20001

ActivePDF WebGrabber 3.8.2.0 is affected by a stack-based buffer overflow in the GetStatus() method of the APWebGrb.ocx ActiveX control. Passing an overly long string to this method can allow a remote attacker to execute arbitrary code in the context of the vulnerable process. Exploitation is pos...

7.5 CVSS, 7.5 AI score, 0.01024 EPSS
Exploits 0, References 6

ATTACKERKB
added 2025/08/30 1:42 p.m., 5 views

CVE-2008-20001

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although t...

7.5 CVSS, 6.5 AI score, 0.01024 EPSS
Exploits 0, References 7

Cvelist
added 2025/08/30 1:42 p.m., 7 views

CVE-2008-20001 activePDF WebGrabber ActiveX Control Buffer Overflow

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although t...

7.5 CVSS, 0.01024 EPSS
Exploits 0, References 6

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-50341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack...

3.1 CVSS, 6.8 AI score, 0.00318 EPSS
Exploits 0, References 2

CNNVD
added 2025/08/30 12:0 a.m., 1 views

ActivePDF WebGrabber Security Vulnerability

ActivePDF WebGrabber is a server-side HTML/URL to PDF conversion control from ActivePDF open source. A security vulnerability exists in ActivePDF WebGrabber version 3.8.2.0, which stems from a stack buffer overflow in the GetStatus method of the APWebGrb.ocx ActiveX control, which could lead to t...

7.5 CVSS, 7.3 AI score, 0.01024 EPSS
Exploits 0, References 9

Tenable Nessus
added 2025/08/30 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-23225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the newusername field during creation of a ne...

5.4 CVSS, 6.9 AI score, 0.00532 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-11039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request...

5.9 CVSS, 6.2 AI score, 0.02781 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/08/30 12:0 a.m., 5 views

PT-2025-35363

Name of the Vulnerable Software and Affected Versions: activePDF WebGrabber version 3.8.2.0. Description: activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow in the GetStatus method of the APWebGrb.ocx ActiveX control. Passing an overly long string to this method can allow ...

7.5 CVSS, 7.3 AI score, 0.01024 EPSS
Exploits 0, References 8

Tenable Nessus
added 2025/08/30 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-5259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties...

8.6 CVSS, 6.8 AI score, 0.01976 EPSS
Exploits 1, References 2

OSV
added 2025/08/29 8:20 p.m., 5 views

GHSA-9FVJ-XQR2-XWG8 gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm

Impact: For optimizing the scalar multiplication algorithm in circuit for some curves, gnark uses fake-GLV algorithm in case the curve doesn't support true-GLV. For this to work, we need to compute the scalar decomposition using the Half GCD method in gnark-crypto. However, for some of the inputs...

7.5 CVSS, 6.7 AI score, 0.0048 EPSS
Exploits 1, References 6

OSV
added 2025/08/29 11:18 a.m., 8 views

OESA-2025-2090 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

6.3 CVSS, 7.3 AI score, 0.00371 EPSS
Exploits 0, References 2

IBM Security Bulletins
added 2025/08/29 6:28 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-6.4.5.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-6.4.5.jar. Vulnerability Details: CVEID: CVE-2025-41232. DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass...

9.1 CVSS, 6.5 AI score, 0.00516 EPSS
Exploits 0, Affected Software 1

Vulnrichment
added 2025/08/29 12:0 a.m., 4 views

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

8.3 AI score, 0.00591 EPSS
Exploits 1, References 1

Packet Storm News
added 2025/08/29 12:0 a.m., 2 views

Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs

AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems. This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning (ML) for real-time anomaly detection. B...

7.2 AI score
Exploits 0