13343 matches found
CVE-2025-28162
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005104)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005104 advisory. In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf ...
CVE-2025-28162
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...
Embedded Malicious Code
Overview dydx-v4-client is a malicious package. Versions of this package were compromised with malicious scripts in core registry files. Remediation Avoid using all malicious instances of the dydx-v4-client package. Credit: Kush Pandya...
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: 1 Malicious ZIP entries containing ../ or absolute paths that escape the extraction root via AdmZip's...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
CVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
CVE-2025-57784
CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...
CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
Exploit_Scripts
E...
Dioxus Components security vulnerabilities
Dioxus Components is a basic component open-sourced by Dioxus Labs. Version 41e4242ecb1062d04ae42a5215363c1d9fd4e23a of Dioxus Components had a security vulnerability. This vulnerability stemmed from the useofanimatedopen function, which used the user-provided ID to format eval strings, potential...