
168 matches found

OSV
added 2026/02/05 6:16 p.m. | 0 views

UBUNTU-CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 6.8 | EPSS 0.00011
Exploits: 1 | References: 10

CNNVD
added 2026/01/28 12:00 a.m. | 1 view

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the strlen function attempting to read from a non-null-terminated buffer, leading...

CVSS 8.1 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 3

OSV
added 2026/01/27 4:16 p.m. | 1 view

AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12_item_decrypt_d2i_ex...

CVSS 7.5 | AI score 6.1 | EPSS 0.00128
Exploits: 1 | References: 1

CNNVD
added 2026/01/27 12:00 a.m. | 1 view

OpenSSL security vulnerabilities

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 5.3 | AI score 6.6 | EPSS 0.0052
Exploits: 1 | References: 6

CNNVD
added 2026/01/21 12:00 a.m. | 1 view

Copier security vulnerabilities

Copier is an open-source library used for rendering project templates by Copier. Versions of Copier prior to 9.11.2 contained a security vulnerability. This vulnerability stemmed from the use of symbolic links and certain settings, which could lead to writing into directories outside of the targe...

CVSS 7.1 | AI score 5.8 | EPSS 0.00085
Exploits: 1 | References: 4

CNNVD
added 2026/01/16 12:00 a.m. | 1 view

Lucy-XSS security vulnerability

Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...

CVSS 6.5 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 2

CNNVD
added 2026/01/07 12:00 a.m. | 0 views

iccDEV security vulnerability

iccDEV is an open source color configuration code library from the International Color Consortium. A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from a heap buffer overflow in the CIccProfileXml::ParseBasic function, which may result in memory corruption...

CVSS 8.8 | AI score 7.2 | EPSS 0.00142
Exploits: 0 | References: 3

CNNVD
added 2026/01/06 12:00 a.m. | 1 view

iccDEV code issue vulnerability

iccDEV is an open source color configuration code library from the International Color Consortium (ICC). A code issue vulnerability exists in versions of iccDEV prior to 2.3.1.2, which stems from the presence of a null-pointer member call that could result in a null-pointer dereference...

CVSS 5.5 | AI score 6.8 | EPSS 0.00027
Exploits: 1 | References: 6

CNNVD
added 2026/01/06 12:00 a.m. | 2 views

iccDEV numeric error vulnerability

iccDEV is an open source color configuration code library from the International Color Consortium (ICC). A numeric error vulnerability exists in iccDEV version 2.3.1.1 and earlier, which stems from an out-of-bounds read and integer underflow in the CIccCalculatorFunc::SequenceNeedTempReset function...

CVSS 7.1 | AI score 7 | EPSS 0.00024
Exploits: 0 | References: 3

CNNVD
added 2025/12/16 12:00 a.m. | 2 views

Grassroot DICOM security vulnerability

Grassroot DICOM is a Sourceforge open source C++ library for DICOM medical files. A security vulnerability exists in Grassroot DICOM version 3.024, which stems from an out-of-bounds read in the Overlay function that could lead to information disclosure...

CVSS 7.5 | AI score 6.2 | EPSS 0.00034
Exploits: 1 | References: 1

CNNVD
added 2025/12/04 12:00 a.m. | 4 views

Silicon Labs Gecko SDK security vulnerability

The Silicon Labs Gecko SDK (GSDK) is an open source library from Silicon Labs. It combines the Silicon Labs Wireless Software Development Kit (SDK) and the Gecko platform into one integrated package. A security vulnerability exists in Silicon Labs Gecko SDK (GSDK) that stems from a malformed grouping atta...

CVSS 6 | AI score 6.7 | EPSS 0.00025
Exploits: 0 | References: 1

vulnersOsv
added 2025/11/30 3:30 a.m. | 1 view

trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66424 via trytond (=7.2.23)

trytond PYPI version =7.2.23 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - trytoncalidae-authentication-dummy =7.2.0 - trytoncalidae-jinja-report =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00038
Exploits: 0

OSV
added 2025/11/21 10:16 p.m. | 1 view

UBUNTU-CVE-2025-65102

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio...

CVSS 8.7 | AI score 5.7 | EPSS 0.0006
Exploits: 0 | References: 4

OSV
added 2025/11/21 5:15 p.m. | 0 views

UBUNTU-CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

CVSS 8.7 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 10

CNNVD
added 2025/11/20 12:00 a.m. | 1 view

OSV-SCALIBR security vulnerability

OSV-SCALIBR is an open source software composition analysis library from Google. A security vulnerability exists in OSV-SCALIBR that stems from a file system traversal path error that could cause an application to crash...

CVSS 4.8 | AI score 6.4 | EPSS 0.00016
Exploits: 0 | References: 1

CNNVD
added 2025/11/19 12:00 a.m. | 3 views

RNP security vulnerability

RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP that stems from improper PKESK session key generation...

AI score 6.5
Exploits: 0 | References: 1

OSV
added 2025/10/08 5:41 p.m. | 2 views

JLSEC-2025-6 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t...

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose...

CVSS 9.1 | AI score 6.9 | EPSS 0.00364
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0221

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00244
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-31250

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.0036
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-2041

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00142
Exploits: 0 | References: 3