
13369 matches found

OSV
added 2025/10/22 10:15 p.m. | 1 view

DEBIAN-CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00402
Exploits: 0 | References: 1

OSV
added 2025/10/22 10:15 p.m. | 2 views

UBUNTU-CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00402
Exploits: 0 | References: 6

Debian CVE
added 2025/10/22 9:36 p.m. | 4 views

CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS: 8.7 | AI score: 5.3 | EPSS: 0.00402
Exploits: 0

Hacker One
added 2025/10/22 9:13 p.m. | 12 views

curl: Use of Deprecated strcpy() with Fixed-Size Buffers in Progress Time Formatting

Step 2: Locate Vulnerable Code in Progress.c Find exact strcpy usage in toolprogress.c grep -n "strcpy" ./src/toolprogress.c OUTPUT: 94: strcpyr, "--:--:--"; Step 3: Analyze the Vulnerable Function View complete time2str function sed -n '/^static void time2str/,/^/p' ./src/toolprogress.c Vulnerab...

AI score: 7.7
Exploits: 0

EUVD
added 2025/10/22 6:30 p.m. | 6 views

EUVD-2022-55056

In the Linux kernel, the following vulnerability has been resolved: f2fs: use spinlock to avoid hang 14696.634553 task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004 14696.638285 Call Trace: 14696.639038 14696.640032 schedule+0x302/0x930 14696.640969 schedule+0x58/0xd0 14696.64179...

CVSS: 5.5 | AI score: 5 | EPSS: 0.00239
Exploits: 0 | References: 5

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2023-60017

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

AI score: 5.7 | EPSS: 0.00182
Exploits: 0 | References: 6

EUVD
added 2025/10/22 3:31 p.m. | 5 views

EUVD-2023-60016

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

AI score: 4.9 | EPSS: 0.0019
Exploits: 0 | References: 5

Cvelist
added 2025/10/22 1:23 p.m. | 7 views

CVE-2022-50574 drm/omap: dss: Fix refcount leak bugs

In the Linux kernel, the following vulnerability has been resolved: drm/omap: dss: Fix refcount leak bugs In dssinitports and dssuninitports, we should call ofnodeput for the reference returned by ofgraphgetportbyid in fail path or when it is not used anymore...

EPSS: 0.002
Exploits: 0 | References: 6

Snyk
added 2025/10/22 6:53 a.m. | 6 views

Malicious Package

Overview js-repack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/22 2:05 a.m. | 1 view

Malicious Package

Overview react-medias is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/22 2:01 a.m. | 3 views

Malicious Package

Overview tailwindcss-awesomefont is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

OSV
added 2025/10/21 8:25 p.m. | 3 views

GHSA-C8G6-QRWH-M3VP NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...

CVSS: 9.9 | AI score: 7.5 | EPSS: 0.0043
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/10/21 8:25 p.m. | 11 views

NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...

CVSS: 9.9 | AI score: 7.5 | EPSS: 0.0043
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/10/21 7:21 a.m. | 2 views

Malicious Package

Overview @jdei/codmi-figma-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/21 6:21 a.m. | 4 views

Malicious Package

Overview hash-script is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/21 6:19 a.m. | 2 views

Malicious Package

Overview optional-native-module-abc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/21 6:16 a.m. | 2 views

Malicious Package

Overview webpack-css-load-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/21 5:46 a.m. | 2 views

Malicious Package

Overview ggtech2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/21 12:00 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987515 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcmsf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00268
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/21 12:00 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987516 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: use trygetops in tpm-space.c As part of the series conversion to remove nested TPM operation...

CVSS: 4.7 | AI score: 5.5 | EPSS: 0.00219
Exploits: 0 | References: 4