CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVE-2026-41232 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

CVE-2026-31483

In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but does not have an arrayindexnospec boundary to prevent access past the syscall function pointer tables...

CVE-2026-31483

CVE-2026-31483 affects the s390 architecture in the Linux kernel. The root cause is a missing array_index_nospec() boundary in the syscall dispatch table, allowing a user-controlled syscall number to exceed the function pointer table and potentially read kernel memory via speculative execution (S...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006920)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006920 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index of tcg-kp-AIKCertificate Extended Key Usage OID during TPM device attestation. An attacker can cause a panic and disrupt service availability by submitting a crafted attestation key certificate with an...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006742 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

Improper Validation of Array Index

Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafted input with negative parameter length to bypass validation and cause an...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the losslessjpegloadraw function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted file. Remediation Upgrade libraw to version 0.22.1 or higher...

GO-2026-4789 Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats

Packetbeat does not properly validate an array index in multiple protocol parser components in github.com/elastic/beats...

LibRaw lossless_jpeg_load_raw heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2331 LibRaw losslessjpegloadraw heap-based buffer overflow vulnerability April 7, 2026 CVE Number CVE-2026-21413 SUMMARY A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality of LibRaw Commit 0b56545 and Commit d20315b. A...

GHSA-2C6H-4899-WJXR scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...