
112 matches found

EUVD
added 4 days ago | 9 views

EUVD-2026-33722

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4
EUVD
added 2026/05/06 12:30 p.m. | 2 views

EUVD-2026-27812

In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm->input_ep82. Fake USB devices can send their own report descriptors for which the input_mapping hook does not get called. In this case, pm->input_ep82 stays NULL, which leads to a crash later. This...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 9
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in dbus

An issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...

CVSS 6.5 | AI score 6.6 | EPSS 0.00131
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/30 12:00 a.m. | 2 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc, not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing...

CVSS 6.1 | AI score 5.2 | EPSS 0.0019
Exploits: 0 | References: 6
SUSE CVE
added 2026/04/23 1:24 a.m. | 7 views

SUSE CVE-2026-33593

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...

CVSS 7.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 3
UbuntuCve
added 2026/04/22 2:16 p.m. | 4 views

CVE-2026-33593

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...

CVSS 7.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/22 12:00 a.m. | 4 views

PT-2026-34437

Name of the Vulnerable Software and Affected Versions: PowerDNS dnsdist versions 1.9.0 through 1.9.12; PowerDNS dnsdist versions 2.0.0 through 2.0.3. Description: An unauthenticated remote attacker can cause a denial-of-service by sending a crafted DNSCrypt query. This action triggers a divide-by-zer...

CVSS 7.5 | AI score 5.2 | EPSS 0.00009
Exploits: 0 | References: 17
Tenable Nessus
added 2026/04/17 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-35215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the lengt...

CVSS 7.5 | AI score 5.7 | EPSS 0.00165
Exploits: 1 | References: 3
RedhatCVE
added 2026/04/14 7:23 p.m. | 4 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

CVSS 7.5 | AI score 5.8 | EPSS 0.01887
Exploits: 0 | References: 1
Snyk
added 2026/04/13 11:08 p.m. | 4 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the MSL decoder process. An attacker can cause a crash by providing a specially crafted MSL file. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, GitHub Commit ...

CVSS 6.8 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 2
Snyk
added 2026/04/12 7:07 p.m. | 5 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) via the MakerNote decoding process for Fuji and Olympus cameras. An attacker can cause a crash or leak information by providing specially crafted image files. Remediation: A fix was pushed into the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/08 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: atm: fix crash due to unvalidated vcc pointer in sigd_send. Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc point...

CVSS 5.5 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 3
Cvelist
added 2026/04/05 8:45 p.m. | 20 views

CVE-2019-25666 SpotAuditor 3.6.7 Denial of Service Buffer Overflow

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition...

CVSS 6.9 | EPSS 0.00006
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/05 12:00 a.m. | 3 views

PT-2026-30411

A race condition during TCP connection teardown can cause tcp recv to operate on a connection that has already been released. If tcp conn search returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp backlog is full and dereferenced without...

CVSS 6.4 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/05 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-58136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 throug...

CVSS 7.5 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 3
CVE
added 2026/03/30 11:02 a.m. | 5 views

CVE-2018-25229

CVE-2018-25229 affects BulletProof FTP Server 2019.0.0.50. The issue is a denial-of-service in the SMTP configuration interface: sending an oversized string (257 'A' characters in the SMTP Server field and clicking Test) crashes the application. Attack is local; no details on exploitation outside...

CVSS 7.1 | AI score 6.1 | EPSS 0.00015
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/30 12:00 a.m. | 2 views

PT-2026-29011

Name of the Vulnerable Software and Affected Versions: Device Monitoring Studio version 8.10.00.8925. Description: A denial of service issue exists that allows local attackers to crash the application by providing a long string to the server connection dialog. Attackers can trigger this by entering ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 4
Cvelist
added 2026/03/28 11:58 a.m. | 29 views

CVE-2016-20046 zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpych...

CVSS 8.6 | EPSS 0.00019
Exploits: 0 | References: 3
Cvelist
added 2026/03/21 12:47 p.m. | 21 views

CVE-2019-25559 SpotPaltalk 1.1.5 Name/Key Field Denial of Service

SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a...

CVSS 6.8 | EPSS 0.00023
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/03 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught...

CVSS 6.9 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 4