100 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-8997
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application...
PT-2026-42886
A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...
CVE-2026-8997
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...
CVE-2026-8997 Heap Buffer Overflow in vifm
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...
Vifm Security Vulnerability
Vifm is a Vim-style file manager developed by Vifm. Versions 0.12.1 to 0.14.3 of Vifm contain security vulnerabilities. These vulnerabilities stem from heap buffer overflows during history merges, which could lead to memory corruption or application crashes...
CVE-2026-37630
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function...
PT-2026-39832
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. Version 0.12.1 of QuickJS contains a security vulnerability, which stems from a problem with the js_mapped_arguments_mark function. This vulnerability could allow attackers to execute arbitrary code...
CVE-2026-42279 solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
EUVD-2026-28527
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...
CVE-2026-42279
Solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} endpoint accepts a route-bound timeEntry UUID from another organization when the caller has time-entries:update:all in the URL organization, allowing a known for...
[SECURITY] Fedora 44 Update: nheko-0.12.1-16.fc44
The motivation behind the project is to provide a native desktop app for Matrix that feels more like a mainstream chat app...
CVE-2026-32829 lz4_flex: Decompression can leak information from uninitialized memory or reused output buffer
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...
RUSTSEC-2026-0041 Decompressing invalid data can leak information from uninitialized memory or reused output buffer
Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...
Linux Distros Unpatched Vulnerability : CVE-2026-3979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use...
CVE-2026-3979
CVE-2026-3979 affects quickjs-ng/quickjs up to 0.12.1. The issue is in the function js_iterator_concat_return in quickjs.c, enabling a use-after-free condition. Exploitation requires local access, and a public exploit has been published. A patch is available (patch name: daab4ad4bae4ef071ed029461...
CVE-2026-3979
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name:...
QuickJS Resource Management Error Vulnerability
QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. Versions of QuickJS prior to 0.12.1 contained a resource management vulnerability. This vulnerability stemmed from incorrect operations on the js_iterator_concat_return function in the quickjs.c file,...
UBUNTU-CVE-2026-21619
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...