
20055 matches found

Mageia
added 2026/01/12 6:42 p.m., 7 views

Updated libtasn1 packages fix security vulnerability

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring. CVE-2025-13151...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0005
Exploits: 0, References: 2

Vulnrichment
added 2026/01/12 4:20 a.m., 4 views

CVE-2025-69270 Spectrum session token in URL

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS: 2.3, AI score: 6.6, EPSS: 0.00086
Exploits: 0, References: 1

EUVD
added 2026/01/12 3:12 a.m., 4 views

EUVD-2026-1967

Malicious code in @maxcointech/simple-string-utils npm...

AI score: 6.6
Exploits: 0, References: 1

OSV
added 2026/01/12 3:12 a.m., 3 views

MAL-2026-233 Malicious code in simple-string-utils3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9f9db863d718f528caa234dfa722b2631eb76195f504f47670898aeb0634a The package simple-string-utils3 was found to contain malicious code. Source: ghsa-malware...

AI score: 6.8
Exploits: 0, References: 1

Snyk
added 2026/01/12 3:12 a.m., 2 views

Malicious Package

Overview simple-string-utils3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2

EUVD
added 2026/01/12 3:12 a.m., 4 views

EUVD-2026-1964

Malicious code in simple-string-utils3 npm...

AI score: 6.6
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/01/12 3:12 a.m., 11 views

Malicious code in @maxcointech/simple-string-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ce5c423557091383b99bcc8612d954b43dd380d8979019493ee390f7bfa5a30 The package @maxcointech/simple-string-utils was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0, References: 1

Positive Technologies
added 2026/01/12 12:0 a.m., 3 views

PT-2026-2321

Name of the Vulnerable Software and Affected Versions TinyOS versions up to and including 2.1.2 Description TinyOS versions up to and including 2.1.2 have a stack-based buffer overflow issue in the mcp2200gpio utility. This is due to the unsafe use of strcpy and strcat functions when creating...

CVSS: 4.8, AI score: 6.8, EPSS: 0.00029
Exploits: 0, References: 5

Positive Technologies
added 2026/01/12 12:0 a.m., 3 views

PT-2026-2322

Name of the Vulnerable Software and Affected Versions RIOT OS versions up to and including 2026.01-devel-317 Description RIOT OS versions up to and including 2026.01-devel-317 have a stack-based buffer overflow issue in the tapslip6 utility. This is due to unsafe string concatenation within the...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00067
Exploits: 1, References: 8

CNNVD
added 2026/01/12 12:0 a.m., 2 views

TinyOS Security Vulnerability

TinyOS is an operating system in the TinyOS open source. A security vulnerability exists in TinyOS 2.1.2 and earlier versions, which stems from improper use of the strcpy and strcat functions in the mcp2200gpio utility, and could lead to stack memory corruption and application crashes...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00029
Exploits: 0, References: 4

RedhatCVE
added 2026/01/10 5:41 a.m., 2 views

CVE-2026-22041

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00045
Exploits: 1, References: 1

EUVD
added 2026/01/10 12:24 a.m., 2 views

EUVD-2026-1889

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS: 5.7, AI score: 6.8, EPSS: 0.00033
Exploits: 1, References: 3

OSV
added 2026/01/10 12:24 a.m., 1 view

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS: 5.7, AI score: 7.2, EPSS: 0.00033
Exploits: 1, References: 5

Cvelist
added 2026/01/10 12:24 a.m., 17 views

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS: 5.7, EPSS: 0.00033
Exploits: 1, References: 3

Vulnrichment
added 2026/01/10 12:24 a.m., 2 views

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS: 5.7, AI score: 7, EPSS: 0.00033
Exploits: 1, References: 3

OSV
added 2026/01/09 2:54 p.m., 3 views

CLSA-2026-1767970357 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

CVSS: 8.3, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:41 p.m., 5 views

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00052
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 12:24 p.m., 4 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

CVSS: 9, AI score: 8.2, EPSS: 0.00508
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:1 p.m., 6 views

CVE-2018-19509

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00328
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 11:52 a.m., 7 views

CVE-2009-4769

Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users t...

CVSS: 9.3, AI score: 7.8, EPSS: 0.62136
Exploits: 5, References: 1