19897 matches found
EUVD-2026-15043
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption...
CVE-2024-51347
A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...
CVE-2024-51347
A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...
PT-2026-28162
Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. When combined with a string flattenin...
PT-2026-28109
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
GHSA-XW6W-9JJH-P9CR Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Summary Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls LimitToString, LoopLimit do not protect these paths, giving...
Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
Summary Scriban's expression evaluation contains three distinct code paths that allow an attacker who can supply a template to cause denial of service through unbounded memory allocation or CPU exhaustion. The existing safety controls LimitToString, LoopLimit do not protect these paths, giving...
GHSA-M2P3-HWV5-XPQW Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Summary The LimitToString safety limit default 1MB since commit b5ac4bf can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.WriteSourceSpan, object triggers a...
Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Summary The LimitToString safety limit default 1MB since commit b5ac4bf can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.WriteSourceSpan, object triggers a...
Allocation of Resources Without Limits or Throttling
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...
Allocation of Resources Without Limits or Throttling
Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...
Allocation of Resources Without Limits or Throttling
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...
EUVD-2026-14899
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system...
CVE-2026-33554
ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...
CVE-2026-30662
ConcreteCMS v9.4.7 contains a Denial of Service DoS vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'filegetcontents', which loads...
CVE-2026-33554
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system...
EUVD-2019-19992
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and...
EUVD-2026-14784
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...
CVE-2026-3509
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...
CVE-2026-3509 CODESYS Control Audit Log Format String DoS
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...