20 matches found

Positive Technologies
added 2026/03/24 12:0 a.m. · 4 views

PT-2026-27319

Name of the Vulnerable Software and Affected Versions: visualfc liteide versions prior to x38.4 Description: An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in visualfc liteide within the http parser.C program files and the...

CVSS 6.3 · AI score 5.8 · EPSS 0.00063
Exploits: 0 · References: 3
Cvelist
added 2025/12/15 11:32 p.m. · 26 views

CVE-2025-14731 CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...

CVSS 6.5 · EPSS 0.00052
Exploits: 1 · References: 6
OSV
added 2025/12/04 5:15 p.m. · 0 views

UBUNTU-CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 10 · AI score 7.3 · EPSS 0.01579
Exploits: 6 · References: 5
EUVD
added 2025/12/04 4:17 p.m. · 5 views

EUVD-2025-201189

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 10 · AI score 8.4 · EPSS 0.01579
Exploits: 6 · References: 3
vulnersOsv
added 2025/08/20 9:30 p.m. · 3 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +306 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...

CVSS 9.8 · AI score 7.3 · EPSS 0.0002
Exploits: 4
CVE
added 2025/08/20 8:8 p.m. · 118 views

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

CVSS 9.8 · AI score 7.1 · EPSS 0.0002
Exploits: 4 · References: 4 · Affected Software: 1
Cvelist
added 2025/08/20 8:8 p.m. · 14 views

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

CVSS 8.4 · EPSS 0.0002
Exploits: 4 · References: 1
Positive Technologies
added 2025/06/23 12:0 a.m. · 2 views

PT-2025-26588 · Unknown · Notepadnext

Name of the Vulnerable Software and Affected Versions: NotepadNext versions through v0.11 Description: The issue is an Out-of-bounds Read vulnerability in the NotepadNext Lua Parser Module, specifically affecting the singlevar function in lparser.c. This vulnerability can lead to a heap-based...

CVSS 5.1 · AI score 6.3 · EPSS 0.00112
Exploits: 0 · References: 7
OSV
added 2024/10/23 2:47 a.m. · 0 views

USN-7081-1 golang-1.22 vulnerabilities

It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. CVE-2024-24791 It was discovered that the Go parser module did not...

CVSS 7.5 · AI score 6.7 · EPSS 0.01018
Exploits: 0 · References: 5
Tenable Nessus
added 2024/10/23 12:0 a.m. · 32 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Go vulnerabilities (USN-7081-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7081-1 advisory. It was discovered that the Go net/http module did not properly handle responses to requests with an Expect: 100-continue header...

CVSS 7.5 · AI score 7 · EPSS 0.01018
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/04 12:0 a.m. · 2 views

PT-2024-25939 · Unknown · Faucet Sdn Ryu

Name of the Vulnerable Software and Affected Versions: Faucet SDN Ryu version 4.34 Description: The issue allows attackers to cause a denial of service, resulting in an infinite loop, via a specific condition where length=0. This is related to the OFPHello function in the parser.py file...

CVSS 7.5 · AI score 7.2 · EPSS 0.00639
Exploits: 1 · References: 8
Positive Technologies
added 2024/05/04 12:0 a.m. · 1 views

PT-2024-25938 · Unknown · Faucet Sdn Ryu

Name of the Vulnerable Software and Affected Versions: Faucet SDN Ryu version 4.34 Description: The issue allows attackers to cause a denial of service infinite loop via b.length=0 in OFPMultipartReply in parser.py. Recommendations: For version 4.34, consider disabling the OFPMultipartReply...

CVSS 7.5 · AI score 7.1 · EPSS 0.00639
Exploits: 1 · References: 8
OSV
added 2023/02/11 1:23 a.m. · 0 views

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service...

CVSS 6 · AI score 5.8 · EPSS 0.00072
Exploits: 0 · References: 1
NVD
added 2023/02/11 1:23 a.m. · 13 views

CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service...

CVSS 6.5 · AI score 6.3 · EPSS 0.00072
Exploits: 0 · References: 1
Prion
added 2023/02/11 1:23 a.m. · 10 views

Input validation

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service...

CVSS 2.9 · AI score 5.8 · EPSS 0.00072
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/02/11 12:0 a.m. · 1 views

Dell System Update trust management issue vulnerability

Dell System Update is an application package from Dell, Inc. that provides application updates. A security vulnerability exists in Dell System Update version 2.0.0 and prior versions, which stems from the inclusion of incorrect certificate validation in the data parser module. No details of the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00072
Exploits: 0 · References: 2
CVE
added 2023/02/10 8:30 p.m. · 39 views

CVE-2022-34404

Summary (CVE-2022-34404) Dell System Update (versions 2.0.0 and earlier) contains an improper certificate validation flaw in the data parser module. The underlying issue is a certificate validation weakness that could enable a local attacker with high privileges to cause credential theft and/or d...

CVSS 6.5 · AI score 5.8 · EPSS 0.00072
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2022/05/11 11:3 a.m. · 1 views

OESA-2022-1632 lua security update

Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: singlevar in lparser.c in Lua through 5.4.4 lacks a certain...

CVSS 9.1 · AI score 7.3 · EPSS 0.00176
Exploits: 2 · References: 3
Snyk
added 2018/09/21 5:29 p.m. · 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write. A stack-based buffer overflow was discovered in the xtimor NMEA library aka nmealib 0.5.3. nmeaparse in parser.c allows an attacker to trigger denial of service or even arbitrary code execution in a certain context in ...

CVSS 9.8 · AI score 9.9 · EPSS 0.00374
Exploits: 1 · References: 2
Kitploit
added 2016/09/10 2:30 p.m. · 6 views

Choronzon - An Evolutionary Knowledge-Based Fuzzer

An evolutionary knowledge-based fuzzer. Introduction: This document aims to explain in brief the theory behind Choronzon. Moreover, it provides details about its internals and how one can extend Choronzon to meet new requirements. An overview of the architecture of Choronzon was initially presente...

AI score 7.2
Exploits: 0 · References: 1