CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

PT-2026-21018

Name of the Vulnerable Software and Affected Versions Silicon Labs Secure NCP versions affected versions not specified Description An integer underflow in the Silicon Labs Secure NCP host implementation can lead to a buffer overread when processing a crafted packet. Recommendations At the moment,...

CVE-2020-37049

Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted inp...

openSUSE 16 Security Update : libpng16 (openSUSE-SU-2026:20017-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20017-1 advisory. - CVE-2025-64505: heap buffer over-read in pngdoquantize when processing PNG files malformed palette indices bsc1254157. - CVE-2025-64506: heap...

CVE-2025-36099

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-57776

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...

ovn: egress ACLs may be bypassed via specially crafted UDP packet

A flaw was found in the Open Virtual Network OVN. Specially crafted UDP packets may bypass egress access control lists ACLs in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized...

CVE-2024-52301 Laravel allows environment manipulation via query string

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

The vulnerability of the FFmpeg multimedia library, related to reading data beyond the allowed buffer limits, allows a hacker to cause a service failure.

The vulnerability of the FFmpeg multimedia library relates to reading data beyond the allowed buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using a specially created MXF file...

CVE-2024-32004 Git vulnerable to Remote Code Execution while cloning special-crafted local repositories

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

...

CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

Siemens Tecnomatix Plant Simulation 缓冲区错误漏洞

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an...

The vulnerability of the software environment of the Tecnomatix Plant Simulation model lies in the reading beyond the buffer in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the software environment for the simulation modeling of systems and processes in Tecnomatix Plant Simulation relates to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created SPP...

CVE-2022-43907

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901...

USN-6182-1 pngcheck vulnerabilities

It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

USN-6177-1 libjettison-java vulnerabilities

It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

PT-2023-5759 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0006 Description: A vulnerability has been identified in the affected application, which contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted...