266 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-15666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function...
CVE-2025-15666
A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...
CVE-2025-15666
Open Asset Import Library Assimp (up to 5.4.3) contains a heap-based buffer overflow in Assimp::SceneCombiner::Copy (file code/Common/SceneCombiner.cpp) caused by manipulation of the width/height argument. Local attack required; exploit disclosed publicly (CVSS metrics indicate PoC maturity). No ...
[SECURITY] Fedora 44 Update: thorvg-1.0.6-1.fc44
ThorVG is an open-source graphics library designed for creating vector-based scenes and animations. It combines immense power with remarkable lightweight efficiency, as Thor embodies a dual meaning=E2=80=94symbolizing both thundero us strength and lightning-fast agility. Embracing the philosophy ...
[SECURITY] Fedora 43 Update: thorvg-1.0.6-1.fc43
ThorVG is an open-source graphics library designed for creating vector-based scenes and animations. It combines immense power with remarkable lightweight efficiency, as Thor embodies a dual meaning=E2=80=94symbolizing both thundero us strength and lightning-fast agility. Embracing the philosophy ...
OSV-2026-910 Heap-use-after-free in gf_node_unregister
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=523017646 Crash type: Heap-use-after-free READ 8 Crash state: gfnodeunregister BDDecSceneReplace BMSceneReplace...
OSV-2026-879 Heap-use-after-free in lsr_restore_base
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520664955 Crash type: Heap-use-after-free READ 8 Crash state: lsrrestorebase lsrreadpolygon lsrreadscenecontentmodel...
PT-2026-49159
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519588196 Crash type: Heap-use-after-free READ 8 Crash state: gf sg reset gf sg del fuzz scene.c...
CVE-2026-10232
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...
EUVD-2026-33565
A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...
PT-2026-45276
Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5 Description A use after free issue exists in the ASE File Parser component within the aiNode::aiNode function of the scene.cpp file. This flaw allows a local attacker to execute a manipulation that leads to the u...
MAL-2026-4050 Malicious code in @antv/l7-scene (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/l7 (>=2.10.0 <=2.25.10), @antv/l7-component (>=2.21.4 <=2.25.10) +7 more potentially affected by unknown CVE via @antv/l7-map (>=2.10.0 <=2.25.9)
@antv/l7-map NPM version =2.10.0, =2.10.0, =2.21.4, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7MAP-16754443...
@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-draw (>=2.1.13 <=2.1.14) +5 more potentially affected by unknown CVE via @antv/l7-scene (>=2.10.0 <=2.25.9)
@antv/l7-scene NPM version =2.10.0, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7SCENE-16754481...
@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-draw (>=2.1.13 <=2.1.14) +6 more potentially affected by unknown CVE via @antv/l7-renderer (>=2.10.0 <=2.25.9)
@antv/l7-renderer NPM version =2.10.0, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.1.13, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7RENDERER-16754403...
OSV-2026-767 Heap-use-after-free in gf_sg_reset
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513912488 Crash type: Heap-use-after-free READ 8 Crash state: gfsgreset gfsgdel fuzzscene.c...
Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD...
Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the USD library. T...
EUVD-2026-27349
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...
a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +90 more potentially affected by CVE-2026-35397 via jupyter-server (>=2.0.0rc3 <=2.17.0)
jupyter-server PYPI version =2.0.0rc3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =3.0.0, =0.1.0, =0.0.1, =0.0.6 and more Source cves: CVE-2026-35397 Source advisory: SNYK:PYTHON-JUPYTERSERVER-16425698...