31 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character...
CVE-2026-40890
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...
CVE-2026-40890
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...
CVE-2026-40890
creationtimestamp| type| source
---|---|---
2026-04-13 10:13:33+00:00| published-proof-of-concept| https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7
2026-04-21 21:27:33+00:00| published-proof-of-concept| Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE...
CVE-2025-40890
creationtimestamp| type| source
---|---|---
2025-11-25 17:33:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6huq4ihs32n...
MAL-2025-40890 Malicious code in zephyr-0fin7-q1jhw-twilight-project (npm)
The package zephyr-0fin7-q1jhw-twilight-project was found to contain malicious code...
CVE-2024-40890
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...
CVE-2024-40890
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...
CVE-2024-40890
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...
CVE-2024-40890
CVE-2024-40890 affects Zyxel VMG4325-B10A legacy DSL CPE. The vulnerability is a post-authentication command-injection flaw in the device’s CGI program, exploitable by sending a crafted HTTP POST request to execute OS commands with elevated privileges (reported for firmware 1.00(AAFR.4)C0_2017061...
CVE-2024-40890
UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...
CVE-2024-40890
creationtimestamp| type| source
---|---|---
2025-01-29 11:50:05+00:00| exploited| https://t.me/truesecator/6669
2025-02-04 09:58:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113945027452629017
2025-02-04 10:15:39+00:00| seen|...
MGASA-2024-0374 Updated zbar packages fix security vulnerabilities
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Updated zbar packages fix security vulnerabilities
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Ubuntu: Security Advisory (USN-7118-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ZBar vulnerabilities (USN-7118-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7118-1 advisory. It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were...
Debian: Security Advisory (DSA-5614-1)
The remote host is missing an update for the Debian...
Fedora 39 : zbar (2024-73d5220ed3)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-73d5220ed3 advisory. 0.23.93, fixes for two CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Fedora 38 : zbar (2024-583e4098b9)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-583e4098b9 advisory. 0.23.93, fixes for two CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zbar (SUSE-SU-2023:4948-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4948-1 advisory. - A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90...