729 matches found
EUVD-2020-20268
Malware in sbrugna...
EUVD-2025-12765
Malicious code in bioql PyPI...
EUVD-2025-12766
Malicious code in bioql PyPI...
CVE-2025-9732
A vulnerability was identified in DCMTK. This issue affects an unknown function in the dcmimage/include/dcmtk/dcmimage/diybrpxt.h library of the dcm2img component. Manipulation leads to memory corruption. Local access is required to approach this attack. Mitigation No mitigation is currently...
CVE-2025-45512
A flaw was found in the bootloader component of DENX Software Engineering Das U-Boot U-Boot. This vulnerability allows arbitrary code execution via installation of crafted firmware files due to missing signature verification. Mitigation Mitigation for this issue is either not available or the...
CVE-2025-54804
A flaw was found in russh. The SSH channel window adjust message processing incorrectly handles input, leading to an integer overflow. A remote attacker can trigger this overflow by sending a maliciously crafted SSH channel window adjust message. This integer overflow can result in an application...
CVE-2025-48073
A NULL pointer dereference flaw was found in OpenEXR. When reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. Mitigation Mitigation for this issue is either not available ...
CVE-2025-48072
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...
CVE-2025-54576
An authentication bypass flaw was found in the OAuth2-Proxy project. This bypass affects systems that have configured their deployment to skip authentication on endpoints that match a deployment-defined regular expression. HTTP parameters can be used to match and trigger the authentication bypass...
CVE-2025-7458
An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory. Mitigation Mitigation for this issue is either not available or the currently available options do not meet...
CVE-2025-54419
A signature verification flaw was found in the npm @node-saml/node-saml library. This flaw allows an attacker who has access to a validly signed document from the identity provider IdP to alter the content of the document, modify the details within the document, and have the modifications be...
CVE-2025-8263
A regular expression denial of service flaw has been discovered in the prettier code formatter tool. This flaw allows and attacker who has access to input source files to induce a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do...
CVE-2025-8011
A type confusion flaw was found in the Chromium web browser. This flaw allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
CVE-2025-53538
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...
CVE-2025-49656
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue. Mitigation Mitigation for this issue is either not available or the...
CVE-2025-7784
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin PermissionsFGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...
CVE-2025-27465
A flaw was found in Xen. Xen’s emulation of intercepted instructions uses replay mechanisms with executable stubs. Improper handling of exceptions raised during this replay process allows a local attacker to trigger unexpected behavior. This issue can occur when an instruction causes an exception...
CVE-2025-22227
A flaw was found in io.projectreactor.netty/reactor-netty. Reactor Netty’s HTTP client, when explicitly configured to follow redirects in chained redirect scenarios, can inadvertently leak credentials. This flaw allows an attacker to trigger this credential leakage by manipulating the redirect...
CVE-2025-7656
An integer overflow flaw was found in Chromium. This vulnerability allows a remote attacker to cause heap corruption via a crafted HTML page, potentially leading to unpredictable behavior, such as system crashes and the execution of malicious code. Mitigation Mitigation for this issue is either n...
CVE-2025-53019
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and...