7898 matches found
CVE-2026-4426
CVE-2026-4426 concerns libarchive’s zisofs decompression logic where an ISO9660 Rock Ridge extension field pz_log2_bs is not properly validated. This Undefined Behavior can lead to incorrect memory allocation and a denial-of-service via crafted ISO files, with remote attack vector and user intera...
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
RUSTSEC-2026-0048 CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
CVE-2026-32728
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
CVE-2026-32728 Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
CVE-2026-32728
The CVE entry CVE-2026-32728 has connected details in GHSA-42PH-PF9Q-CR72 and OSV. It describes a vulnerability in Parse Server where an attacker who can upload files can bypass the file extension filter by appending a MIME parameter (for example; charset=utf-8) to the Content-Type header. This c...
CVE-2026-32728
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
CVE-2026-32728 Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
CVE-2026-32728 Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter e.g. ;charset=utf-8 to the Content-Type header...
CLSA-2026-1773830791 libssh: Fix of CVE-2026-3731
CVE-2026-3731: fix out-of-bounds read in sftpextensionsgetname and sftpextensionsgetdata when idx equals the extension count...
KLA90944 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 can be exploited to cause...
Ubuntu: Security Advisory (USN-8093-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ruby4.0-rubygem-websocket-extensions-0.1.5-1.24 on GA media (moderate)
ruby4.0-rubygem-websocket-extensions-0.1.5-1.24 on GA media Announcement ID: openSUSE-SU-2026:10368-1 Rating: moderate Cross-References: CVE-2020-7663 CVSS scores: CVE-2020-7663 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Tumbleweed An update that solves on...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : libssh vulnerability (USN-8093-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8093-1 advisory. It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a...
EUVD-2026-12625
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
GHSA-6GX3-4362-RF54 astral-tokio-tar insufficiently validates PAX extensions during extraction
Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...
astral-tokio-tar insufficiently validates PAX extensions during extraction
Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...