SUSE CVE-2026-32240
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...
DEBIAN-CVE-2026-31885
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0...
CVE-2026-29078
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with ...
CVE-2026-31885 FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0...
CVE-2026-29078
Lexbor CVE-2026-29078 affects the ISO-2022-JP encoder prior to version 2.7.0. The bug is caused by not resetting the temporary size variable between iterations, so ctx->buffer_used -= size with a stale size (3) underflows to SIZE_MAX. This underflow leads to memcpy called with a negative lengt...
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with ...
Poseidon V1 variable-length input collision via implicit zero-padding
Impact: Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hash(m1, ..., mk) equals hash(m1, ..., mk, 0) because both produce identical pre-permutation states. This affects any use of PoseidonSpong...
RLSA-2026:4447 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 For more details about the security issues, including the...
BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...
CVE-2026-3921
A use-after-free flaw was found in the TextEncoding component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484946544...
ImageMagick < 6.9.13-41 / 7.x < 7.1.2-16 Multiple Vulnerabilities
The remote host has a version of ImageMagick installed that is prior to 6.9.13-41 and 7.x prior to 7.1.2-16. It is, therefore, affected by multiple vulnerabilities. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and...
PT-2026-25330
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called wit...
KLA90935 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in Web Speech can be exploited to...
WordPress plugin wpDiscuz cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Ruby on Rails: Rails::HTML::Sanitizer.allowed_uri? returns true for entity-encoded control-character-split javascript: URLs
A vulnerability was discovered in the Rails::HTML::Sanitizer.allowed_uri? method of the rails-html-sanitizer library. The method incorrectly returned true for entity-encoded control-character-split javascript: URLs, which could lead to potential security issues if the application relied on the...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error in the chunk size parsing process when handling HTTP requests with Transfer-Encoding set to chunked. An attacker can cause HTTP request or response smuggling by sending a chunk size value that parses to 2^64 or...
DEBIAN-CVE-2026-32240
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...