18784 matches found
CVE-2017-18244
The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply...
CVE-2017-18406
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276)...
CVE-2017-18420
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269)...
CVE-2017-18428
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)...
CVE-2017-18423
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273)...
CVE-2019-11925
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between...
CVE-2019-20023
A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4...
CVE-2019-20496
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532)...
CVE-2023-50262
Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or...
CVE-2023-25519
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges...
CVE-2023-43795
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
CVE-2023-40020
PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions app/routes/v3/admin.controller.ts did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level), causing the request to continue processing. The response...
CVE-2021-41128
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
CVE-2025-23314
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and dat...
CVE-2022-33213
Memory corruption in modem due to buffer overflow while processing a PPP packet...
CVE-2026-21688
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in SIccCalcOp::ArgsPushed at IccProfLib/IccMpeCalc.cpp. This...
OSV-2026-21 Use-of-uninitialized-value in processTLSBlock
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474015854 Crash type: Use-of-uninitialized-value Crash state: processTLSBlock ndpisearchdtls ndpisearchtlswrapper...
Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06108)
Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing Word files without...
Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06110)
Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing XLS files without us...
CVE-2026-22255 iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...