43 matches found
EUVD-2026-21068
Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...
ROS-20260323-73-0007
A vulnerability in the load_global_roots_objectid function of the Linux kernel is related to a pointer dereferencing error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
RockyLinux 8 : resource-agents (RLSA-2026:1904)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1904 advisory. pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-23490 Tenable has extracted the preceding description block direct...
CVE-2025-71184
A NULL pointer dereference vulnerability was found in the Linux kernel's Btrfs filesystem. When evicting an inode in btrfs_evict_inode, the tracing setup code attempts to fetch the root's ID before checking if the root pointer is NULL. This can cause a kernel crash when the inode's root is NULL...
CVE-2025-71184
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode the root might be NULL, as...
EUVD-2018-20522
Malware in sbrugna...
EUVD-2020-0391
Malware in sbrugna...
EUVD-2013-5993
Malware in sbrugna...
EUVD-2022-4714
Malicious code in bioql PyPI...
Wanzhou WOES Intelligent Optimization Energy Saving System Injection Vulnerability
Wanzhou WOES Intelligent Optimization Energy Saving System is an Intelligent Optimization Energy Saving System from the Chinese company Wanzhou. An injection vulnerability exists in version 1.0 of the Wanzhou WOES Intelligent Optimization Energy Saving System, which is caused by incorrect...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input...
SUSE CVE-2015-4411
The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
SUSE CVE-2015-4410
The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...
@biscottino/session (>=1.0.0 <=1.0.1), @graasp/cli (>=0.3.0 <=0.4.2) +34 more potentially affected by CVE-2019-19729 via bson-objectid (>=1.1.1 <=1.3.0)
bson-objectid NPM version =1.1.1, =1.0.0, =0.3.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.1, =3.3.3 and more Source cves: CVE-2019-19729 Source advisory: OSV:GHSA-P84X-5XX8-HFF9...
bson-objectid contains Improper input validation
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input...
GHSA-P84X-5XX8-HFF9 bson-objectid contains Improper input validation
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input...
Broken Object Level Authorization☝️ — What you need to know
Broken Object Level Authorization☝️ — What you need to know What is Broken Object Level Authorisation? Broken Object Level Authorisation all starts with an object. Objects should be looked at in the context of “Object Oriented Programming”, what I mean with that is objects are the things you think...
Design/Logic Flaw
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound = 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...
BloodHound Cross-Site Scripting Vulnerability
BloodHound is a JavaScript application that reveals hidden relationships and attack paths in the Active Directory environment through graph theory. A cross-site scripting vulnerability exists in Bloodhound. The vulnerability, which originates in the product's...
Prusa Research PrusaSlicer _3MF_Importer::_handle_end_model() use-after-free vulnerability
Summary: A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested...