3356 matches found
CVE-2009-20007 Talkative IRC v0.4.4.16 Response Buffer Overflow
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code...
USN-7752-1 libyang2 vulnerabilities
It was discovered that libyang incorrectly handled certain memory operations when parsing YANG strings. An attacker could possibly use this issue to cause libyang to crash, resulting in a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2022-50255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Fix reading strings from synthetic events The follow commands caused a crash: cd /sys/kernel/tracing echo 's:open char file' dynamicevents echo...
CVE-2025-43353
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. Processing a maliciously crafted string may lead to heap corruption...
CVE-2022-50255
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix reading strings from synthetic events The follow commands caused a crash: cd /sys/kernel/tracing echo 's:open char file' dynamicevents echo 'hist:keys=commonpid:file=filename:onchange$file.traceopen,$file'...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2025-6051
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library’s EnglishNormalizer.normalize_numbers method of the CLVP model. Maliciously crafted long numeric strings cause excessive CPU usage due to inefficient regex processing, leading to...
Apple macOS Buffer Error Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A buffer error vulnerability exists in Apple macOS that stems from insufficient boundary checking when processing specially crafted strings, which could lead to heap corruption...
PT-2025-37844
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: The issue was addressed with improved bounds checks. Processing a maliciously crafted string may lead to heap corruption...
Hugging Face Transformers Security Vulnerability
Hugging Face Transformers is Hugging Face's open source natural language processing library for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.52.4 and earlier, which stems from the mishandling of numeric strings in the normalize_numbers method...
BIT-NIFI-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...
CVE-2025-8425
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...