CVE-2025-54487

CVE-2025-54487 describes a stack-based buffer overflow in the MFER parsing path of The Biosig Project’s libbiosig 3.9.0 and the Master branch (commit 35a819fa). The vulnerability occurs during handling of tag 12 (0x0C) in biosig.c, where the code reads values and then performs a potentially unsaf...

SUSE CVE-2008-1552

The silcpkcs1decode function in the silccrypt library silcpkcs1.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS1 message, which triggers an integer...

validateUserOp does not check if missingAccountFunds matchs the signature

Lines of code Vulnerability details validateUserOp function does not check to see if missingAccountFunds uint256 matchs the signature or not . this can be abused if an attacker front run the tx and call validateUserOp in entrypoint using same sig but with a different missingaccountfunds number...

Some implementation mistakes in dnssec-oracle/BytesUtils.compare

Lines of code Vulnerability details Impact There are some implementation mistakes in dnssec-oracle/BytesUtils.compare. There should be a sanity check for offsets and lens if shortest 32 is not a correct condition. It should check the size of the last block. shortest is the total size of the bytes...

balanceAtEpochOf will revert

Lines of code Vulnerability details Impact The line for uint256 i = locks.length - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function balanceAtEpochOfuint256 epoch, address user public view returns uint256 amount...