Security Research

Security Blog

Page 3

critical · 7 min

Shell Injection via os.system(): How a Single Line of Code Can Compromise Your System

A critical OS command injection vulnerability (CWE-78) was discovered and patched in `voice.py`, where user-controlled input was interpolated directly into a shell command string passed to `os.system()`. An attacker who could influence the `device` variable — through a config file, environment variable, or any external input — could execute arbitrary system commands with the full privileges of the running process. The fix replaces the dangerous `os.system()` calls with Python's `subprocess.run()

#security #python #command-injection
orbisai0security · May 28, 2026

critical · 9 min

Critical Buffer Overflow in VMS Mail: How strcpy() Became a Security Nightmare

A critical buffer overflow vulnerability was discovered and patched in `sys/vms/vmsmail.c`, where eight unchecked calls to `strcpy()` and `strcat()` allowed externally-sourced mail message content to overflow fixed-size buffers. An attacker capable of sending a crafted VMS mail message could overwrite stack return addresses, potentially achieving arbitrary code execution. The fix replaces all dangerous string operations with bounds-checked `snprintf()` calls, eliminating the overflow risk entire

#buffer-overflow #c-security #strcpy
orbisai0security · May 28, 2026

critical · 7 min

Critical Buffer Overflow in RC Device Parser: How One Missing Bounds Check Opens the Door to Memory Corruption

A critical buffer overflow vulnerability was discovered in the RC device request parser (`rcdevice.c`), where incoming packet data was written to a fixed-size buffer using an attacker-controlled length field as the only guard. Because the expected data length was parsed directly from the packet without being validated against the actual allocated buffer size, a malicious packet could overflow the buffer and overwrite adjacent stack or heap memory with arbitrary bytes. The fix adds a single, esse

#buffer-overflow #embedded-security #c-programming
orbisai0security · May 28, 2026

high · 7 min

Buffer Overflow in RS-232 Serial Input: How a Missing Length Check Put Embedded Systems at Risk

A critical buffer overflow vulnerability was discovered in `serial.c`, where the `rs232_buffered_input` function could write more bytes than the destination buffer `rs232_ibuff` could hold — with no size limit to stop it. An attacker with access to the RS-232 serial port could exploit this to overwrite adjacent OS memory, including return addresses and critical data structures. The fix adds a simple but essential bounds check that clamps the returned byte count to the actual buffer size.

#buffer-overflow #embedded-security #c-programming
orbisai0security · May 28, 2026

critical · 7 min

Critical Buffer Overflow Fix: How Unbounded strcpy() Puts Your System at Risk

A critical buffer overflow vulnerability was discovered in a custom `strcpy()` implementation that performed unbounded memory copies without any destination buffer size validation. In kernel and OS contexts, this flaw could allow attackers to overwrite return addresses, corrupt heap metadata, or destabilize critical system data structures. The fix replaces the unsafe `strcpy()` with a bounds-checked `strlcpy()` that enforces a maximum copy length, eliminating the overflow risk entirely.
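
This entry and the VMS Mail entry above come down to the same fix: a copy that knows the destination size and reports when the input does not fit. The C block below is an added example written for this listing, not code from either post or the projects they describe; the function names and the `user@host` format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bounded copy in the style of BSD strlcpy(): writes at most dstsz-1 bytes,
 * always NUL-terminates when dstsz > 0, and returns strlen(src) so a caller
 * can detect truncation (result >= dstsz). Portable stand-in written for
 * this example; glibc only ships strlcpy() from 2.38. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz == 0)
        return srclen;
    size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Treat truncation as an error instead of silently using a shortened string.
 * Returns 0 when the whole of src was copied, -1 otherwise. */
int copy_or_fail(char *dst, size_t dstsz, const char *src)
{
    return bounded_copy(dst, dstsz, src) < dstsz ? 0 : -1;
}

/* snprintf() replacement for a strcpy()+strcat() chain: builds "user@host"
 * (an assumed format) without ever writing past dstsz bytes. snprintf()
 * returns the length the full string would have had, so a value >= dstsz
 * means the output was cut short. Returns 0 on success, -1 if it did not fit. */
int build_address(char *dst, size_t dstsz, const char *user, const char *host)
{
    int needed = snprintf(dst, dstsz, "%s@%s", user, host);
    if (needed < 0 || (size_t)needed >= dstsz)
        return -1;
    return 0;
}

/* The vulnerable shape the posts describe, kept only for contrast: nothing
 * here knows how large dst is, so strlen(user)+strlen(host)+2 bytes land in
 * it regardless. Never call this with externally sourced strings. */
void build_address_unsafe(char *dst, const char *user, const char *host)
{
    strcpy(dst, user);
    strcat(dst, "@");
    strcat(dst, host);
}
```

The return-value check matters as much as the bound: a silently truncated path, address or filename is still "valid-looking" data, and the safe thing to do on truncation is to fail the operation rather than proceed with the shortened string.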

#buffer-overflow #c-security #memory-safety
orbisai0security · May 28, 2026

critical · 7 min

Critical Buffer Overflow Fixed: memcpy Without Bounds Checking in C++ Integer Wrapper

A critical buffer overflow vulnerability was discovered and patched in `libs/intx/wrapper.cpp`, where `memcpy` operations wrote into fixed-size buffers without first validating that the copy length fit within the destination. Because these functions process externally-supplied data arriving over RPC, an attacker could potentially trigger heap or stack corruption remotely. The fix adds strict bounds and null-pointer checks before any memory operation takes place.

#buffer-overflow #cpp #memory-safety
orbisai0security · May 28, 2026

critical · 7 min

Heap Buffer Overflow in ShadowsocksR: How a Missing Bounds Check Could Let Attackers Crash Your Server

A critical heap buffer overflow vulnerability was discovered in ShadowsocksR-libev's server.c, where network-supplied data was copied into fixed-size heap buffers without verifying that the source length fit within the destination. An attacker could craft a malicious packet with an oversized length field to overflow the heap, potentially enabling remote code execution or denial of service. The fix adds proper bounds checking, null pointer validation after memory allocation, and reallocation fail
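
The RC device parser, RS-232 serial, intx wrapper and ShadowsocksR entries above all turn on one check: a length that arrives from outside must be compared against the buffer it will be written into before any copy happens. The C block below is an added example for this listing, not code from any of those posts or projects. The 2-byte big-endian length header is a constructed wire format chosen for the example, and the function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Constructed wire format for this example: a 2-byte big-endian length
 * followed by that many payload bytes. The header is attacker-controlled. */

/* The vulnerable shape the posts describe: the claimed length is the only
 * guard, so a header of 0xFFFF drives memcpy() 65535 bytes into `out`.
 * Kept for contrast only; never call it on real input. */
void parse_request_unsafe(const uint8_t *pkt, size_t pktlen, uint8_t *out)
{
    (void)pktlen;
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(out, pkt + 2, claimed);
}

/* Reject variant (the rcdevice / intx / ShadowsocksR style of fix): the
 * claimed length must fit the destination AND be backed by bytes actually
 * present in the packet. Returns the payload length, or -1 on any violation. */
int parse_request(const uint8_t *pkt, size_t pktlen, uint8_t *out, size_t outsz)
{
    if (pkt == NULL || out == NULL || pktlen < 2)
        return -1;
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > outsz)          /* would write past out[] */
        return -1;
    if (claimed > pktlen - 2)     /* would read past the packet (over-read) */
        return -1;
    memcpy(out, pkt + 2, claimed);
    return (int)claimed;
}

/* Clamp variant (the serial.c style of fix): an unframed byte stream is
 * drained into ibuff and the count is capped at its size; surplus bytes are
 * dropped rather than written. Returns the number of bytes stored. */
size_t read_clamped(const uint8_t *stream, size_t avail, uint8_t *ibuff, size_t ibuffsz)
{
    size_t n = avail < ibuffsz ? avail : ibuffsz;
    memcpy(ibuff, stream, n);
    return n;
}
```

Two practitioner notes. First, the same length field also bounds the read side: a claimed length larger than the bytes actually received is an over-read of whatever sits after the packet buffer, so the parser checks both directions. Second, clamping is memory-safe but lossy; it is the right choice only where dropping trailing bytes is acceptable (or where flow control will re-deliver them), otherwise rejecting the input and resynchronising is the safer behaviour.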

#buffer-overflow #c-security #memory-safety
orbisai0security · May 28, 2026

critical · 9 min

Kernel Memory Corruption via eBPF Buffer Overflow: How a Static Assert Saved the Day

A critical vulnerability in an eBPF helper function allowed potential out-of-bounds memory reads and writes in kernel context due to unvalidated buffer size assumptions in chunked memory comparisons. The fix introduces a compile-time static assertion that enforces alignment invariants, ensuring that any future change to buffer size constants will produce a build error rather than silently introducing kernel memory corruption. Because eBPF programs execute with kernel privileges, this class of bu
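
The fix described above is a compile-time invariant rather than a runtime check: a chunked comparison is only correct when the buffer is a whole number of chunks, and a static assertion turns any future violation into a build error. The C block below is an added example for this listing, not the kernel's or the post's code; `KEY_SIZE`, `CHUNK_SIZE` and the function names are assumptions, and it uses C11 `_Static_assert` in place of the kernel's own macro.

```c
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define KEY_SIZE   32   /* bytes compared, e.g. a fixed-width map key (assumed) */
#define CHUNK_SIZE 8    /* compared one 64-bit word at a time */

/* The compile-time guard. If a later change makes KEY_SIZE 36, the loop in
 * key_equal_chunked() would read 4 bytes past both inputs on its final
 * iteration; with this assertion the build fails instead of the kernel. */
_Static_assert(KEY_SIZE % CHUNK_SIZE == 0,
               "KEY_SIZE must be a whole number of CHUNK_SIZE chunks");

/* Chunked equality over KEY_SIZE bytes: returns 1 if equal, 0 otherwise.
 * memcpy() into a uint64_t avoids unaligned-load UB; the loop has a fixed
 * trip count, which is also what an eBPF verifier wants to see. */
int key_equal_chunked(const uint8_t *a, const uint8_t *b)
{
    uint64_t diff = 0;
    for (size_t off = 0; off < KEY_SIZE; off += CHUNK_SIZE) {
        uint64_t wa, wb;
        memcpy(&wa, a + off, CHUNK_SIZE);
        memcpy(&wb, b + off, CHUNK_SIZE);
        diff |= wa ^ wb;
    }
    return diff == 0;
}

/* When the length is only known at run time the same invariant has to be
 * checked at run time. Returns 1 if equal, 0 if not, -1 if n is not a whole
 * number of chunks (instead of silently comparing a partial tail). */
int key_equal_chunked_n(const uint8_t *a, const uint8_t *b, size_t n)
{
    if (n % CHUNK_SIZE != 0)
        return -1;
    uint64_t diff = 0;
    for (size_t off = 0; off < n; off += CHUNK_SIZE) {
        uint64_t wa, wb;
        memcpy(&wa, a + off, CHUNK_SIZE);
        memcpy(&wb, b + off, CHUNK_SIZE);
        diff |= wa ^ wb;
    }
    return diff == 0;
}
```

The assertion costs nothing at run time, which is why it is the right tool here: the constants are fixed at build time, so the place to enforce the relationship between them is the build.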

#ebpf #kernel-security #buffer-overflow
orbisai0security · May 28, 2026

critical · 9 min

Command Injection via os.system() in DeepSpeed's Data Analyzer: A Critical Fix

A critical command injection vulnerability was discovered in DeepSpeed's `data_analyzer.py`, where an `os.system()` call directly interpolated an unsanitized file path variable into a shell command string. An attacker who could influence dataset configuration or file paths could execute arbitrary shell commands on the host machine. The fix replaces the dangerous shell invocation with safe, Python-native file operations that never touch a shell interpreter.
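
This entry and the `voice.py` entry at the top of the page describe the same CWE-78 pattern in Python; the defence is language-independent, so here it is shown in C, the language used for the other examples on this page. The block is an added example for this listing, not code from DeepSpeed or the `voice.py` post. The `aplay`/`sound.wav` command, the device-name character policy and the function names are all assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <spawn.h>
#include <sys/wait.h>

extern char **environ;

/* Characters a device name is allowed to contain (assumed policy for this
 * example). Allow-listing is defence in depth: even with no shell involved,
 * a value starting with '-' could be misread as an option by the child. */
#define DEVICE_ALLOWED "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:,_.-"

int device_name_is_safe(const char *device)
{
    return device[0] != '\0' && device[0] != '-' &&
           device[strspn(device, DEVICE_ALLOWED)] == '\0';
}

/* The vulnerable shape: `device` is spliced into text that /bin/sh will
 * parse, so "hw:0; id" becomes two commands. This only builds the string so
 * the effect can be inspected; never hand such a string to system(). */
int build_shell_command(char *dst, size_t dstsz, const char *device)
{
    int n = snprintf(dst, dstsz, "aplay -D %s sound.wav", device);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* The fix: one argv element per argument and no shell, so metacharacters in
 * `device` reach the child verbatim as the value of -D. Returns the child's
 * exit status, or -1 on failure. */
int run_player(const char *device)
{
    if (!device_name_is_safe(device))
        return -1;
    char *argv[] = { "aplay", "-D", (char *)device, "sound.wav", NULL };
    pid_t pid;
    int status;
    if (posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* For the DeepSpeed-style case (shelling out only to delete a file) no
 * process is needed at all: call the libc routine directly. */
int remove_file_native(const char *path)
{
    return unlink(path) == 0 ? 0 : -1;
}

/* Self-contained check: create a temp file, remove it natively, confirm it
 * is gone. Returns 0 on success. */
int demo_native_remove(void)
{
    char path[] = "/tmp/cmdinj-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    if (remove_file_native(path) != 0)
        return -1;
    return access(path, F_OK) == 0 ? -1 : 0;
}
```

The ordering of preference is the point: a direct library call when one exists, an argv-array spawn when an external program is genuinely needed, and a shell string never with external input. The allow-list on the device name is not a substitute for the argv separation; it is there because argument-injection (a value beginning with `-`) survives the removal of the shell.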

#command-injection #python #deepspeed
orbisai0security · May 28, 2026

critical · 8 min

How API Key Leakage in Error Messages Gets You Pwned

A critical vulnerability in `gemini-eval.mjs` allowed a live API key to be printed directly into error logs and console output whenever the Gemini API returned an error message containing the key string. The fix introduces runtime redaction of the API key from all error messages before they are logged, preventing accidental exposure in CI/CD pipelines, terminal history, and log aggregation systems. This is a textbook example of how secrets can leak through indirect channels even when developers
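
The fix described above is a redaction step that runs on every error message before it reaches a logger. The C block below is an added example of such a step for this listing, not the `gemini-eval.mjs` code, which is JavaScript; it is in C to match the other examples on this page. The placeholder key `AIzaFAKEKEY` in the test is constructed, and the function name is an assumption.

```c
#include <string.h>
#include <stddef.h>

#define REDACTED "[REDACTED]"

/* Copies msg into out, replacing every occurrence of secret with
 * "[REDACTED]". Returns the number of replacements, or -1 if out is too
 * small, in which case out is left empty rather than holding a partial
 * message that might still end with half the key. An empty secret means
 * there is nothing to redact. */
int redact_secret(char *out, size_t outsz, const char *msg, const char *secret)
{
    const size_t redlen = strlen(REDACTED);
    size_t seclen = secret ? strlen(secret) : 0;
    size_t used = 0;
    int count = 0;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';

    const char *p = msg;
    for (;;) {
        const char *hit = seclen ? strstr(p, secret) : NULL;
        size_t literal = hit ? (size_t)(hit - p) : strlen(p);
        if (used + literal >= outsz)        /* leave room for the NUL */
            goto too_small;
        memcpy(out + used, p, literal);
        used += literal;
        if (hit == NULL)
            break;
        if (used + redlen >= outsz)
            goto too_small;
        memcpy(out + used, REDACTED, redlen);
        used += redlen;
        p = hit + seclen;
        count++;
    }
    out[used] = '\0';
    return count;

too_small:
    out[0] = '\0';
    return -1;
}
```

Substring redaction catches the case the post describes (the API echoing the key back in its error text), but it only matches the exact byte sequence. A key that appears URL-encoded in a dumped request URL, or base64-encoded inside a serialised header, needs the encoded forms added to the redaction list as well, and the safest habit is to redact the whole query string or `Authorization` header rather than search for the key inside them.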

#api-security #secret-management #javascript
orbisai0security · May 28, 2026

high · 7 min

CVE-2026-40073: How a BODY_SIZE_LIMIT Bypass in @sveltejs/adapter-node Put Your App at Risk

CVE-2026-40073 is a high-severity vulnerability in `@sveltejs/adapter-node` that allows attackers to bypass the `BODY_SIZE_LIMIT` configuration, potentially enabling denial-of-service attacks and resource exhaustion against SvelteKit applications. The vulnerability was silently present in versions prior to `@sveltejs/kit` 2.57.1, and has now been patched by upgrading the dependency across all affected project examples. If your application relies on body size limits to protect against oversized p

#svelte #sveltekit #cve
orbisai0security · May 28, 2026

medium · 7 min

Integer Overflow in Packet Reassembly: How One Missing Check Enables Heap Corruption

A critical heap buffer overflow vulnerability was discovered in the network packet reassembly function of `net_channel_ex.c`, where an attacker-controlled `bodylen` field could be used to corrupt heap memory without any bounds validation. The fix introduces a simple yet effective integer overflow check before accumulating packet body lengths, preventing malformed packets from triggering memory corruption. This type of vulnerability is a stark reminder that even low-level arithmetic operations in
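
The check this entry describes is different from a plain length-versus-buffer comparison: the running total is itself the thing that can go wrong, because `total + bodylen` can wrap before it is ever compared. The C block below is an added example for this listing, not code from `net_channel_ex.c`; `MAX_BODY`, the `struct reassembly` layout and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_BODY 4096u   /* assumed upper bound for one reassembled message */

struct reassembly {
    uint32_t total;          /* bytes accumulated so far */
    uint8_t  body[MAX_BODY];
};

/* The check as the post describes it being missing: `total + bodylen` is
 * computed first, so a bodylen near UINT32_MAX wraps the sum to a small
 * number, the comparison passes, and the memcpy() that follows it runs far
 * past body[]. Returns 1 if this (wrong) check would accept the fragment. */
int length_check_unsafe(uint32_t total, uint32_t bodylen)
{
    return total + bodylen <= MAX_BODY;
}

/* The fix: test for wrap before adding, written as a subtraction so the test
 * itself cannot overflow, and only then test the bound. Returns 1 if accepted. */
int length_check_safe(uint32_t total, uint32_t bodylen)
{
    if (bodylen > UINT32_MAX - total)   /* total + bodylen would wrap */
        return 0;
    return total + bodylen <= MAX_BODY;
}

/* Appends one fragment, or returns -1 and leaves the state untouched. */
int reassembly_add(struct reassembly *r, const uint8_t *frag, uint32_t bodylen)
{
    if (r == NULL || frag == NULL || !length_check_safe(r->total, bodylen))
        return -1;
    memcpy(r->body + r->total, frag, bodylen);
    r->total += bodylen;
    return 0;
}
```

With `total = 100` and `bodylen = UINT32_MAX - 50`, the unsafe comparison sees a sum of 49 and accepts; the safe version rejects the fragment before any arithmetic on the sizes is performed. Note that a bound check against `MAX_BODY` alone is not enough here, because the wrapped sum is exactly what passes it.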

#buffer-overflow #integer-overflow #network-security
orbisai0security · May 28, 2026