5.9
CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Ser…
5.8
CVE-2026-1467 - Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing …
7.4
CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corrupt…
5.5
CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A ty…
9.8
CVE-2025-69559 -
code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.
5.5
CVE-2025-28164 - libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
5.5
CVE-2025-65264 -
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.
4.2
CVE-2026-1484 - Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted…
5.9
CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and …
7.5
CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decr…