20725 matches found
EUVD-2026-33517
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
CVE-2026-8796 Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
CVE-2026-8796
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
ECHO-EE72-5202-2C87
Bulletin has no description...
PT-2026-45212
Name of the Vulnerable Software and Affected Versions Sereal::Decoder versions prior to 5.005 Description An issue exists where crafted input can lead to a heap out-of-bounds read. In the file Perl/Decoder/srl decoder.c, the functions srl read object and srl read hash process a COPY tag, which is...
MINI-WR87-XWG2-X7HJ
Bulletin has no description...
MINI-G4VF-MCH7-385W
Bulletin has no description...
MINI-Q57P-73PH-RXC3
Bulletin has no description...
MINI-M8WQ-85Q3-M58X
Bulletin has no description...
MINI-VXP9-5PRV-7GQW
Bulletin has no description...
MINI-FH3H-CJGX-8F8Q
Bulletin has no description...
MINI-G252-MQQP-RP99
Bulletin has no description...
MINI-8PWV-96GQ-8R76
Bulletin has no description...
MINI-MMHP-HF79-64PQ
Bulletin has no description...
CVE-2026-35671
phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...
SUSE CVE-2026-48156
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...
Malicious Package
Overview @t-in-one/addapplicationservicetoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
ECHO-B73A-C35A-A407
Bulletin has no description...
Malicious Package
Overview @cloudplatform-single-spa/security-groups is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @cloudplatform-single-spa/ml-ai-agents-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...