net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...

MAL-2026-3203 Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

CVE-2026-28494

CVE-2026-28494 concerns ImageMagick, where stack corruption can occur due to a stack buffer overflow in the morphology kernel parsing when user-controlled kernel strings exceed a fixed-size buffer. The issue arises because strings are copied into stack buffers via memcpy without bounds checking. ...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the insufficient validation of host/authors during the url.Parse function. This allo...

CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

Samsung多款产品 安全漏洞

SAMSUNG Exynos 1480 is a mobile chip processor developed by Samsung Electronics of South Korea. Several Samsung products have security vulnerabilities; these vulnerabilities stem from the cancellation of a null pointer in the pilotparsingncp function, which may lead to denial-of-service attacks...

PT-2026-22610

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A buffer overflow issue exists in the Tenda W20E. The issue occurs due to insufficient size validation when processing overly long addDhcpRules data. Specifically, the addDhcpRule function uses...

PLY security vulnerabilities

PLY is a Python library developed by B07’s individual developers. Version 3.11 of PLY contains a security vulnerability. This vulnerability stems from the unvalidated deserialization of pickle files via the picklefile parameter in the yacc function, which could lead to remote code execution...

libbiosig 安全漏洞

libbiosig is an open source software library for biomedical signal processing open source by BioSig Project. It has biosignal analysis capabilities. A security vulnerability exists in libbiosig version 3.9.1, which stems from a stack buffer overflow in the MFER parsing function that could lead to...

libbiosig 安全漏洞

libbiosig is an open source software library for biomedical signal processing open source by BioSig Project. It has biosignal analysis capabilities. A security vulnerability exists in libbiosig version 3.9.1, which stems from a stack buffer overflow in the MFER parsing function that could lead to...

CVE-2025-55100

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...

CVE-2025-55100 Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func()

In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in uxhostclassaudio10samparsefunc when parsing a list of sampling frequencies...

CVE-2025-55100

CVE-2025-55100 affects USBX (ThreadX USB support module) prior to version 6.4.3. The issue is an out-of-bounds read in the function _ux_host_class_audio10_sam_parse_func() while parsing a list of sampling frequencies, which could lead to a crash or potential data exposure. Red Hat and CVE aggrega...

CVE-2025-11356 Tenda AC23 SetStaticRouteCfg sscanf buffer overflow

A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and coul...

EUVD-2018-4067

Malware in sbrugna...

libbiosig MFER Parsing Function Buffer Overflow Vulnerability

libbiosig is BioSig Project open source an open source software library for biomedical signal processing . With biological signal analysis functions. A buffer overflow vulnerability exists in the libbiosig MFER parsing function, which can be exploited by an attacker to cause arbitrary code...

libbiosig ISHNE Parsing Function Buffer Overflow Vulnerability

libbiosig is BioSig Project open source an open source software library for biomedical signal processing . With biological signal analysis functions. A buffer overflow vulnerability exists in the libbiosig ISHNE parsing function, which can be exploited by an attacker to cause arbitrary code...