OSV-2025-901 Heap-use-after-free in apache::thrift::protocol::TCompactProtocolT<apache::thrift::transport::TMemoryBu

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=461058054 Crash type: Heap-use-after-free READ 1 Crash state: apache::thrift::protocol::TCompactProtocolTapache::thrift::transport::TMemoryBu unsigned int parquet::format::OffsetIndex::readapache::thrift::protocol::TCompa void...

EUVD-2023-25623

Malicious code in bioql PyPI...

CVE-2025-52883

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

Information Exposure

github.com/schollz/croc is vulnerable to Information Exposure. The vulnerability is due to there case where an explicit IP isn't provided, the receiver prompts the sender for its local IP addresses using the ips? message. That triggers an unencrypted message exchange and sender will send out...

CVE-2023-21455

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message...

Authorization

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message...

CVE-2023-21455

CVE-2023-21455 affects Exynos baseband prior to SMR Mar-2023 Release 1. The root cause is improper authorization implementation, causing incorrect handling of unencrypted messages. CVSS metrics indicate high impact on confidentiality and integrity (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) with the ex...

CVE-2023-21455

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message...

CVE-2023-21455

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message...

CVE-2012-6580

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditin...

CVE-2001-0273

CVE-2001-0273 affects pgp4pine 1.75-6. The module fails to verify whether public keys loaded from GnuPG are expired, which can lead to encrypt attempts returning errors while the cleartext message is transmitted. According to CERT/CC and NVD entries, the vulnerability can cause sensitive informat...