2238 matches found
CVE-2026-32882
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay in libheif/pixelimage.cc. When compositing an overlay image iovl whose child image has a different bit depth for the alpha channel than for the color...
com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: SNYK:JAVA-COMSQUAREUPWIRE-16771313...
NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect
NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-37979 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...
PT-2026-42007
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap buffer over-read exists in the HeifPixelImage::overlay function within libheif/pixelimage.cc. This occurs when compositing an overlay image where the child image uses a different bit depth fo...
@antv/f2-site (=5.0.0-alpha.1) potentially affected by unknown CVE via @antv/f2-react (=5.14.0)
@antv/f2-react NPM version =5.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f2-react and may be impacted: - @antv/f2-site =5.0.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVF2REACT-16754807...
@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +29 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)
@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =0.3.0, =0.3.0, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.120.20 and more Source cves: unknown CVE Source advisory:...
CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...
CVE-2026-42348
OpenTelemetry.OpAmp.Client (OpenTelemetry .NET) is affected before version 0.2.0-alpha.1. The HTTP transport reads HttpResponseMessage.Content into memory using ReadAsByteArrayAsync without a size cap, allowing an unbounded read of the entire response body. This can cause memory exhaustion in the...
CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies
OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...
EUVD-2026-29476
sealed-env: TOTP secret embedded in unseal token payload enterprise mode...
CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...
CVE-2026-43930 Parse Server: MFA SMS one-time password accepted twice under concurrent login
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password OTP login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive...
CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
CVE-2026-43916
Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...
CVE-2026-45091
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...
CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...
Intel AI Playground 代码问题漏洞
Intel AI Playground is an online platform operated by Intel Corporation in the United States. Previous versions of Intel AI Playground, including 3.0.0 alpha, had code vulnerabilities that stemmed from uncontrolled search paths, which could lead to privilege escalation...
PT-2026-40031
pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...