CVE-2026-54395

CVE-2026-54395 affects MISP (UiBeta event index view) with a reflected XSS in the advanced filter popup. The urlparams value is inserted into an inline JavaScript handler inside a single-quoted string; browsers HTML-decode attribute values before JS parsing, enabling an attacker to craft a URL th...

EUVD-2026-35474

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

wasmtime 缓冲区错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 contained a buffer error vulnerability. This vulnerability stemmed from the lack of validation for the return value of the realloc function in guest...

CVE-2025-1774

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

GO-2025-4173 Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes in github.com/eclipse/paho.mqtt.golang

Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes in github.com/eclipse/paho.mqtt.golang...

EUVD-2011-1066

Malware in sbrugna...

EUVD-2025-6568

Malicious code in bioql PyPI...

CVE-2025-1774

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

CVE-2025-1774

CVE-2025-1774 is a string-encoding vulnerability in NASK - PIB BotSense where an additional field separator character or value can be injected into generated events’ extraData. Affected versions are BotSense before 2.8.0. Root cause: incorrect string encoding that allows extra separators/values t...

CVE-2025-1774 Logs manipulation in BotSense

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

CVE-2025-1774 Logs manipulation in BotSense

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.17: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVE-2024-32669 Possible stack overflow due to a string encoding processing error

Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0...

CVE-2024-32669 Possible stack overflow due to a string encoding processing error

Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0...

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

PT-2022-37300 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the JavaParser library. The crash occurs in the com.github.javaparser.ast.expr.FieldAccessExpr.accept and...

SUSE-SU-2020:2807-1 Security update for aspell

This update for aspell fixes the following security issue: - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding bsc1161982...

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

...

libIEC61850 buffer overflow vulnerability (CNVD-2019-09613)

libIEC61850 is an open source GPLv3 implementation of the IEC 61850 client and server libraries. A heap buffer overflow vulnerability exists in BerEncoderencodeOctetString in mms/asn1/berencoder.c in libIEC61850 1.3, which can be exploited by an attacker to execute arbitrary code or cause a denia...

Automattic: XSS at www.woothemes.com

This XSS vulnerability can be used against IE browsers. There is an XSS filter in modern IE browsers, so to reproduce we should turn XSS filter off http://answers.microsoft.com/en-us/ie/forum/ie9-windows7/how-do-i-turn-off-cross-site-scripting-i-can-no/f3058b73-4956-e011-8dfc-68b599b31bf5?auth=1,...