Lucene search

570 matches found

Tenable Nessus
added 2026/05/28 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 3

OSV
added 2026/05/26 10:16 p.m., 2 views

DEBIAN-CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 1

UbuntuCve
added 2026/05/26 10:16 p.m., 3 views

CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00006
Exploits: 0, References: 2

OSV
added 2026/05/26 10:16 p.m., 2 views

UBUNTU-CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 3

CVE
added 2026/05/26 9:38 p.m., 8 views

CVE-2026-44983

Summary of CVE-2026-44983 (smallbitvec): An integer overflow in the internal capacity calculation (cap + bits_per_storage() - 1) can produce an undersized heap allocation, enabling a heap buffer overflow through safe APIs in versions 1.0.1–2.6.0 of the Rust crate smallbitvec. This can cause memor...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 1

EUVD
added 2026/05/26 9:38 p.m., 7 views

EUVD-2026-32015

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 1

Vulnrichment
added 2026/05/26 9:38 p.m., 4 views

CVE-2026-44983 smallbitvec: Safe API Triggered Heap Buffer Overflow via Integer Overflow

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00006
Exploits: 0, References: 1

Snyk
added 2026/05/12 5:22 p.m., 4 views

Deserialization of Untrusted Data

Overview: pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.load_from_checkpoint function. Any workflow that calls this functio...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00191
Exploits: 1, References: 2

CVE
added 2026/05/11 7:04 p.m., 8 views

CVE-2026-42874

CVE-2026-42874 affects Microdot prior to version 2.6.1, where Response.set_cookie() does not sanitize string arguments and fails to detect the CRLF sequence, enabling HTTP header injection via cookie storage. Exploitation requires the attacker to first compromise a client (e.g., through a separat...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 3

CNNVD
added 2026/05/11 12:00 a.m., 4 views

microdot injection vulnerability

Microdot is a minimalistic Python web framework developed by Miguel Grinberg. Versions of Microdot prior to 2.6.1 contained an injection vulnerability. This vulnerability stemmed from the Response.set_cookie method not properly cleaning the string parameters, which could lead to header injection...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 2

Github Security Blog
added 2026/05/07 12:52 a.m., 3 views

Compromise of PyTorch Lightning PyPI Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00062
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/05/05 6:35 p.m., 3 views

GHSA-7WC8-WVC4-M498 Microdot has HTTP response splitting in Response.set_cookie()

Impact: The Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 5

Github Security Blog
added 2026/05/05 6:35 p.m., 2 views

Microdot has HTTP response splitting in Response.set_cookie()

Impact: The Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 5, Affected Software: 1

ATTACKERKB
added 2026/04/12 1:00 a.m., 0 views

CVE-2026-6108

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00421
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/04/12 12:45 a.m., 3 views

CVE-2026-6107

Affected product: 1Panel-dev MaxKB (

CVSS: 5.1, AI score: 4.5, EPSS: 0.00038
Exploits: 0, References: 8

CNNVD
added 2026/04/12 12:00 a.m., 2 views

MaxKB code injection vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.6.1 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the file...

CVSS: 5.1, AI score: 5.7, EPSS: 0.00038
Exploits: 0, References: 9

ATTACKERKB
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS. This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00039
Exploits: 0, References: 2

CVE
added 2026/04/08 8:30 a.m., 8 views

CVE-2026-39702

The CVE-2026-39702 entry relates to Wealcoder Animation Addons for Elementor. All connected sources describe a DOM-Based Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting Animation Addons for Elementor up to and including versio...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00039
Exploits: 0, References: 1

Cvelist
added 2026/04/08 8:30 a.m., 18 views

CVE-2026-39702 WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS. This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1...

CVSS: 6.5, EPSS: 0.00039
Exploits: 0, References: 1

GithubExploit
added 2026/03/15 4:21 a.m., 92 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4Shell POC Overview Proof of Concept for...

CVSS: 10, AI score: 6.2, EPSS: 0.94358
Exploits: 341