65 matches found
CVE-2026-10233
Assimp contains a local out-of-bounds read in HL1MDLLoader::read_sequence_infos (HL1MDLLoader.cpp) of the Half-Life 1 MDL Loader. The bug is triggered by manipulating the aiString and affects Assimp up to 6.0.4. A local attacker could exploit this; a public exploit is disclosed in sources. No rem...
Malicious Package
Overview: string-manipulation-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
MAL-2026-3827 Malicious code in string-manipulation-typescript (npm)
Source: amazon-inspector 2bed3d44d42fd732fc0b3ec3b59c8c75fea479f97b78de4982c5b75bafd9af25 The package string-manipulation-typescript was found to contain malicious code. Source: ghsa-malware...
[SECURITY] Fedora 44 Update: kf6-kcodecs-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon with string manipulation methods...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
Improper Validation of Unsafe Equivalence in Input
Overview: alt-design/alt-redirect is an Alt Redirect addon, add Redirects to your site. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via handling of query string parameters when the "Query String Strip" feature is enabled. An attacker can...
EUVD-1999-0146
Malware in sbrugna...
EUVD-2015-4554
Malware in sbrugna...
EUVD-2008-1374
Malware in sbrugna...
EUVD-2007-0915
Malware in sbrugna...
EUVD-2017-17863
Malware in sbrugna...
CVE-2025-48388
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...
CVE-2025-30348
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
CVE-2025-30348
CVE-2025-30348 affects Qt’s QDom encodeText before 6.8.0, where a complex XML string copy/inline replacement can cause performance degradation. Several advisories (e.g., SUSE) reference this vulnerability with fixes in Qt6.8.x or later; remediation is to update Qt to a patched release. If applyin...
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Summary: Authenticated users can craft a filter string used to cause a SQL injection. Details: Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer. This code does not look to sanitize inputs:...
PT-2025-5341
Name of the Vulnerable Software and Affected Versions: asteval versions prior to 1.0.6. Description: The issue is rooted in how asteval performs handling of FormattedValue AST nodes, specifically the on formattedvalue value using the dangerous format method of the str class. This allows an attacker ...