1936 matches found
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...
CVE-2026-59857
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...
CVE-2026-57246
Technical details are not publicly available in the provided documents. Monitor for updates.
PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`
Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...
PYSEC-2026-952 Incomplete validation in signal ops leads to crashes in TensorFlow
Impact The tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274. The fix will be...
PT-2026-55999
Name of the Vulnerable Software and Affected Versions vLLM versions 0.12.0 through 0.23.x Description A flaw in the EngineCore of the library occurs when a remote authorized user sends a pure prompt embeds payload to the '/v1/completions' endpoint using a model that implements M-RoPE Multimodal...
CVE-2026-53335
A flaw was found in the Linux kernel. The DAMONLRUSORT component, responsible for memory management, does not properly handle allocation failures of the damonctx object. This can lead to a NULL pointer dereference when damoncommitctx is called with a NULL ctx pointer, potentially causing a system...
BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...
CVE-2026-43717
The CVE-2026-43717 entry describes a use-after-free in Safari related to processing malicious web content. Affected products are Safari across macOS and iOS/iPadOS, with fixed versions Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Root cause stated as improved memory managemen...
CVE-2026-43706
A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43718
A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...
PYSEC-2026-334 ExecuTorch out-of-bounds access vulnerability
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...
CVE-2026-48090
Envoy CVE-2026-48090 affects the HTTP OAuth2 filter (envoy.filters.http.oauth2) in 1.37.0–1.37.5 and 1.38.3. A late AsyncClient completion can call OAuth2Filter methods after the downstream stream has been torn down, leading to undefined behavior, worker crashes, and use-after-free/invalid-vptr f...
CVE-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions
A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations...
CVE-2026-57236
CVE-2026-57236 affects Nokogiri (Ruby) with the CRuby/libxml2 backend. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., non-string or null byte) frees the current encoding string but does not replace it, leaving the document referencing freed memory. The next call to Do...
CVE-2026-42388
Incomplete validation of the SOA record present in a catalog zone might lead to a crash...
EUVD-2026-39358
Incomplete validation of the SOA record present in a catalog zone might lead to a crash...