47 matches found
EUVD-2024-39042
Malicious code in bioql PyPI...
CVE-2025-55164 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves...
CVE-2025-22149
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2024-41438
A heap buffer overflow in the function cp_stored (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file...
CVE-2024-41439
A heap buffer overflow in the function cp_block (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file...
CVE-2024-41440
A heap buffer overflow in the function png_quantize of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file...
CVE-2024-41437
A heap buffer overflow in the function cp_unfilter (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file...
CVE-2024-41443
A stack overflow in the function cp_dynamic (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file...
CVE-2024-41437
A heap buffer overflow in the cp_unfilter() function in hicolor v0.5.0 (located in /vendor/cute_png.h) can lead to Denial of Service via a crafted PNG file. Public sources consistently describe the affected component as hicolor v0.5.0 and identify the vulnerability as a heap overflow in cp_unfilt...
CVE-2024-41443
Affected software: hicolor v0.5.0. Vulnerable component: cp_dynamic() in /vendor/cute_png.h. Root cause: stack overflow leading to Denial of Service via a crafted PNG file. No exploitation details are provided in the documents. Patch/mitigation status: not specified in the initial sources; one re...
CVE-2024-41440
CVE-2024-41440 affects the image-conversion tool hicolor v0.5.0. The vulnerability is a heap buffer overflow in the function png_quantize(), which can be triggered by a crafted PNG file and leads to Denial of Service. The connected documents confirm the same description across multiple sources ...
CVE-2024-1880
CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...
CVE-2024-34246
wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c...
CVE-2024-34252
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3compile.c...
CVE-2024-34249
wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3compile.c...