CVE-2026-44967

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

EUVD-2026-36466

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

CVE-2026-44967

OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...

Advisory ROSA-SA-2026-3304

Software: mupdf 1.26.10 Operating System: ROSA-CHROME Unaffected versions: = mupdf-1.26.10-2 Affected versions: mupdf-1.26.10-2 CVE-ID: CVE-2026-25556 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...

Arbitrary Code Execution

Overview modelscope is a ModelScope: bring the notion of Model-as-a-Service to life. Affected versions of this package are vulnerable to Arbitrary Code Execution from the pipeline interface. There, a user can supply a malicious model that loads arbitrary modules via an acoustic-echo-cancellation...

Linux Distros Unpatched Vulnerability : CVE-2026-3308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer...

EUVD-2026-17412

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

CVE-2026-3308 CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

artifex mupdf 安全漏洞

Artifex MuPDF is a rich-text editor developed by individual developers. Unlike standard text editors, programmers can download free rich-text editors and embed them on their own websites or programs of course, paid versions offer more powerful features. This makes it convenient for users to edit...

SUSE CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

CVE-2026-25556 MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

PT-2026-6683

Name of the Vulnerable Software and Affected Versions micropython versions prior to 1.27.0 Description A flaw exists in micropython up to version 1.27.0. This issue is related to memory corruption caused by manipulation of the mp import all function within the py/runtime.c file. The attack requir...

UBUNTU-CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

Astra Linux – Vulnerability in c-ares

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...

PT-2026-6730

Name of the Vulnerable Software and Affected Versions MuPDF versions 1.23.0 through 1.27.0 Description MuPDF versions 1.23.0 through 1.27.0 have a double-free issue in the fz fill pixmap from display list function during display list rendering. This occurs when an exception happens, causing the...

CVE-2025-68148

FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in...