CVE-2025-45764

A flaw was found in jsrsasign. The library uses weak encryption algorithms, potentially resulting in sensitive data being vulnerable to decryption by an attacker with local access. This weakness allows a malicious actor to compromise confidentiality without requiring authentication or user...

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

CVE-2025-3044

A hash collision flaw was found in llamaindex. The MD5 function is used in the ArxivReader class, and given the weakness in the MD5 hashing algorithm, an attacker can build colliding inputs. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

CVE-2025-23165

A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...

CVE-2025-3406

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhwbuildtilesetfromimage of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely...

CVE-2024-38797

A flaw was found in EDK2. This vulnerability allows an attacker to cause an out-of-bounds read, potentially leading to a loss of integrity and/or availability via a crafted data pointer and length sent over an adjacent network. Mitigation Mitigation for this issue is either not available or the...