13368 matches found
EUVD-2025-210388
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...
CVE-2025-71355
CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...
CVE-2026-57204
CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...
CVE-2026-57959
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
EUVD-2026-40145
Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...
CVE-2026-57959
CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...
CVE-2026-54370
A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...
urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-13878 CVE-2026-1519 CVE-2026-3592 CVE-2026-5946 CVE-2026-5950)
IBM SECURITY ADVISORY First Issued: Mon Jun 29 06:22:46 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory30.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-13878, CVE-2026-1519,...
Release Information for Veeam Backup for Microsoft 365 8.5
Requirements This release can be used to: upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5. install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...
Linux Distros Unpatched Vulnerability : CVE-2026-53303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding...
CVE-2026-57453
A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...
EUVD-2026-31686
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...
PT-2026-52939
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the enetc network driver regarding NTMP DMA Direct Memory Access operations. If the netc xmit ntmp cmd function times out and returns an error, the pendi...
DEBIAN-CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-46602
The CVE-2026-46602 issue affects the TIFF decoder in golang.org/x/image: it does not enforce a limit on tile sizes in tiled TIFF images, which can lead to unbounded memory consumption when processing a malicious or corrupted image with a very large tile. This is stated across multiple sources in ...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...