CVE-2026-40340

A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackOI function due to insufficient validation. A local attacker could exploit this by crafting specific input related to the Samsung Galaxy 64-bit objectsize detection...

DEBIAN-CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

PT-2026-33538

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out-of-bounds read exists in the ptp unpack OI function within camlibs/ptp2/ptp-pack.c. The function validates that the len variable is less than PTP oi SequenceNumber 48, but it subsequently...

Malicious code in manu-oi-gisoag1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcc0c5aa891c11a484208db8efd96d65e4793acfa80281f4998a530502ee5c4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in manu-oi-gsisi01 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 790c2b8980087d8dee43a2e8b4c1a27bcad5c1def1f372e0e58ffc02e999b80f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in manu-oi-gisigo1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 096ae7b62a3151b4d96aebd464186069c4f959d3ee5eefd14f8bd1373f7a7982 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-50031 Malicious code in cici-bika67-oi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eef4a687d68bd59a14cef5e019d8d9d7f5bc6fa7527b4808cec1138b145fc5c0 The package cici-bika67-oi was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded npm...

EUVD-2025-41439

Malicious code in cici-bika67-oi npm...

EUVD-2014-5803

Malware in sbrugna...

EUVD-2006-0923

Malware in sbrugna...

EUVD-2023-26850

Malicious code in bioql PyPI...

MAL-2025-16378 Malicious code in butterfly-leopard-oiu132-project (npm)

The package butterfly-leopard-oiu132-project was found to contain malicious code...

MAL-2025-12797 Malicious code in @zalastax/nolb-oi (npm)

The package @zalastax/nolb-oi was found to contain malicious code...

Malicious code in @zalastax/nolb-oi (npm)

The package @zalastax/nolb-oi was found to contain malicious code...

CVE-2023-22721

Auth. Stored Cross-Site Scripting XSS in Oi Yandex.Maps for WordPress = 3.2.7 versions...

CVE-2010-1082

Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magicquotesgpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the 1 theme parameter to loadStyles.php and the 2 scripts parameter to javascript/loadScripts.php. NOTE: the...

oi-services.nl Improper Access Control vulnerability OBB-3923339

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-22721

Auth. Stored Cross-Site Scripting XSS in Oi Yandex.Maps for WordPress = 3.2.7 versions...

Cross site scripting

Auth. Stored Cross-Site Scripting XSS in Oi Yandex.Maps for WordPress = 3.2.7 versions...