Category Archives: Republished Content

Information published. Continue reading CVE-2022-32206 curl < 7.84.0 supports “chained” HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable “links” in this “decompression chain” was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a “malloc bomb” makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors.→

Information published. Continue reading CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.→

Information published. Continue reading CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions→

Information published. Continue reading CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop→

Information published. Continue reading CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium→

Information published. Continue reading CVE-2025-48637 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.→

Information published. Continue reading CVE-2023-46847 Squid: denial of service in http digest authentication→

Information published. Continue reading CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service→