4659 matches found
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
[SECURITY] Fedora 44 Update: dr_libs-0^20260302.fa931f3-2.fc44
Single-file audio decoding libraries for C/C++...
GHSA-73J8-2GCH-69RQ .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...
EUVD-2026-10907
Wisp Vulnerable to Path Traversal...
CVE-2026-28807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
SUSE-SU-2026:20665-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
SUSE-SU-2026:20710-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
Unity Linux 20.1070e Security Update: xorg-x11-server (UTSA-2026-005919)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005919 advisory. A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of...
Inefficient Decoding
pypdf is vulnerable to inefficient decoding of ASCIIHexDecode streams. The vulnerability is due to an attacker being able to craft a PDF which leads to long runtimes, where accessing a stream uses the /ASCIIHexDecode filter and can be exploited by attackers to cause a denial of service...
CVE-2026-29612
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service...
CVE-2026-29087
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...