1434 matches found
libheif buffer error vulnerability
LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Struktur that include LibHEIF 1.21.2 and earlier contain a buffer error vulnerability. This vulnerability stems from incorrect operations in the Track::load function with...
sql-injection-corpus
SQL Injection Corpus - User Guide Overview This corpus con...
New-Shellcode-Injection-Exploit
Shellcode Injection Exploit Author Created by 0x5da...
CVE-2025-29165
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...
Linux Distros Unpatched Vulnerability : CVE-2026-27622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In...
EUVD-2025-208324
An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...
CVE-2025-29165
Summary: CVE-2025-29165 affects the D-Link DIR-1253 MESH, version 1.6.1684. The issue allows an attacker to escalate privileges via the etc/shadow.sample component. The connected sources consistently reference this vendor/model and version, indicating a genuine privilege-escalation flaw rather th...
CVE-2026-27622
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...
UBUNTU-CVE-2026-27622
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...
CVE-2026-29022
Summary of CVE-2026-29022 (dr_libs): A heap buffer overflow affects dr_libs 0.14.4 and earlier via drwav__read_smpl_to_metadata_obj() in dr_wav.h. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with...
OpenEXR buffer error vulnerability
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.6, 3.3.8, and 3.4.6 contain a buffer error vulnerability. This vulnerability arises from the rounding of the total per-pixel value in vector tot...
GHSA-CR4V-6JM6-4963 OpenEXR's CompositeDeepScanLine integer-overflow leads to heap OOB write
Summary Function: CompositeDeepScanLine::readPixels, reachable from high-level multipart deep read flows MultiPartInputFile + DeepScanLineInputPart + CompositeDeepScanLine. Vulnerable lines src/lib/OpenEXR/ImfCompositeDeepScanLine.cpp: - totalsizesptr += countsjptr; line 511 - overallsamplecount ...
Malicious code in sample-custom-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade5f035c4d3f9fe74cfc0626c8ac011eeea6e88040376a03abee9cdf05290b7 The package sample-custom-component was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1032 Malicious code in sample-custom-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade5f035c4d3f9fe74cfc0626c8ac011eeea6e88040376a03abee9cdf05290b7 The package sample-custom-component was found to contain malicious code. Source: ghsa-malware...
CVE-2026-23223 xfs: fix UAF in xchk_btree_check_block_owner
In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could...
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...