2469 matches found

Positive Technologies
added 2026/01/01 12:00 a.m., 1 view

PT-2026-29060

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The...

CVSS 6.3, AI score 5.2, EPSS 0.00287
Exploits: 0, References: 11

Positive Technologies
added 2026/01/01 12:00 a.m., 5 views

PT-2026-29046

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data1 can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The...

CVSS 6.3, AI score 5.4, EPSS 0.00409
Exploits: 0, References: 11

OSV
added 2025/12/19 5:15 p.m., 4 views

CVE-2025-14957

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...

CVSS 5.5, AI score 6.7
Exploits: 0, References: 9

Positive Technologies
added 2025/12/19 12:00 a.m., 4 views

PT-2025-52491

Name of the Vulnerable Software and Affected Versions: WebAssembly Binaryen versions prior to 126. Description: A heap-based buffer overflow issue exists in the WasmBinaryReader::readExport function within the src/wasm/wasm-binary.cpp file. This manipulation can be exploited on the local host. The...

CVSS 7.1, AI score 5.5, EPSS 0.00181
Exploits: 1, References: 21

RedHat Linux
added 2025/12/18 10:23 a.m., 3 views

binutils: GNU Binutils Linker heap-based overflow

A heap-based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVSS 7.8, AI score 6.4, EPSS 0.0023
Exploits: 1, References: 12

Positive Technologies
added 2025/12/14 12:00 a.m., 4 views

PT-2025-51162

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...

CVSS 6.3, AI score 6.2, EPSS 0.00276
Exploits: 0, References: 9

Positive Technologies
added 2025/12/13 12:00 a.m., 2 views

PT-2025-51116

Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.7.0. Description: A flaw exists in the DcmByteString::makeDicomByteString function within the dcmdata/libsrc/dcbytstr.cc file of the dcmdata component. This manipulation can lead to memory corruption and can be...

CVSS 6.5, AI score 6.2, EPSS 0.00233
Exploits: 0, References: 20

EUVD
added 2025/12/02 3:31 a.m., 3 views

EUVD-2025-200148

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752...

CVSS 6.7, AI score 6.2, EPSS 0.00071
Exploits: 0, References: 2

RedhatCVE
added 2025/11/26 4:56 p.m., 2 views

CVE-2025-13584

A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/timeentry.description leads to cross site scripting. The attack is possible to be carried out...

CVSS 5.1, AI score 6.1, EPSS 0.00203
Exploits: 0, References: 1

EUVD
added 2025/11/24 5:02 a.m., 2 views

EUVD-2025-198608

A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/timeentry.description leads to cross site scripting. The attack is possible to be carried out...

CVSS 5.1, AI score 5.4, EPSS 0.00203
Exploits: 0, References: 8

Cvelist
added 2025/11/23 7:32 p.m., 9 views

CVE-2025-13566 jarun nnn nnn.c run_cmd_as_plugin double free

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function showcontentinfloatingwindow/runcmdasplugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is...

CVSS 4.8, EPSS 0.00115
Exploits: 0, References: 6

Positive Technologies
added 2025/11/23 12:00 a.m., 2 views

PT-2025-47859

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show content in floating window/run cmd as plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is...

CVSS 4.8, AI score 7, EPSS 0.00115
Exploits: 0, References: 7

Vulnrichment
added 2025/11/14 3:02 p.m., 2 views

CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection

A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument searchterm causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS 6.5, AI score 6.3, EPSS 0.00321
Exploits: 1, References: 7

SUSE CVE
added 2025/11/14 12:33 a.m., 1 view

SUSE CVE-2025-13120

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sortcmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is...

CVSS 5.5, AI score 4.9, EPSS 0.00126
Exploits: 0, References: 3

NVD
added 2025/11/07 9:15 p.m., 4 views

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS 7.8, EPSS 0.0014
Exploits: 0, References: 8

Positive Technologies
added 2025/11/07 12:00 a.m., 3 views

PT-2025-45500

Name of the Vulnerable Software and Affected Versions: mruby version 3.4.0. Description: A flaw exists in mruby version 3.4.0 within the ary fill exec function located in the file mrbgems/mruby-array-ext/src/array.c. Manipulation of the start and length arguments can result in an out-of-bounds write...

CVSS 5.3, AI score 6.4, EPSS 0.0014
Exploits: 0, References: 10

CVE
added 2025/10/27 2:02 a.m., 11 views

CVE-2025-12203

Summary: CVE-2025-12203 affects givanz Vvveb up to 1.0.7.3, specifically the sanitizeFileName function in Code Editor’s file system/functions.php. The issue allows remote path traversal via manipulation of the File argument. Impact (as stated): Path traversal could lead to unauthorized file acces...

CVSS 6.5, AI score 6.1, EPSS 0.00324
Exploits: 1, References: 6, Affected Software: 1

EUVD
added 2025/10/14 12:31 p.m., 3 views

EUVD-2025-34178

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID:...

CVSS 8.8, AI score 6.8, EPSS 0.0027
Exploits: 0, References: 2

RedhatCVE
added 2025/10/10 1:11 p.m., 3 views

CVE-2025-11494

A vulnerability was found in GNU Binutils 2.45. Impacted is the function bfdx86elflatesizesections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...

CVSS 5.5, AI score 3.6, EPSS 0.00194
Exploits: 1, References: 11

RedhatCVE
added 2025/10/10 3:23 a.m., 6 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVSS 9.8, AI score 6.9, EPSS 0.00562
Exploits: 1, References: 1