ROOT-OS-DEBIAN-11-CVE-2024-42230 CVE-2024-42230 in rootio-linux - Patched by Root

Root has patched CVE-2024-42230 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-50107

CVE-2026-50107 : Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

EUVD-2026-37545

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

DEBIAN-CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

CVE-2026-47748

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...

CVE-2026-47747 stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

CVE-2026-47750 stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

CVE-2026-4367

LibXpm vulnerability CVE-2026-4367: a local user can trigger an out-of-bounds read in xpmNextWord() while parsing XPM images, potentially crashing the process and causing DoS. Concrete details across connected docs show the flaw resides in libXpm, with impact limited to availability (I) and no co...

CVE-2026-47963

The CVE-2026-47963 entry concerns DNG SDK versions 1.7.1 2536 and earlier, which are affected by an out-of-bounds read (CWE-125). The vulnerability can disclose sensitive memory and requires user interaction: a victim must open a malicious file. This is the explicit impact and attack condition de...

CVE-2026-47927

CVE-2026-47927 concerns the DNG SDK, where versions 1.7.1 2536 and earlier are affected by an out-of-bounds read (CWE-125). The vulnerability could lead to disclosure of sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. The CVSS info indicates a local ...

CVE-2026-6039

A flaw was found in LibreOffice. This vulnerability, a heap buffer overflow, occurs when processing specially crafted DXF Drawing Exchange Format polyline files. An attacker could exploit this by convincing a user to open a malicious DXF file, which may lead to a denial of service DoS due to...

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

CVE-2026-10828

The CVE-2026-10828 affects the NPort W2150A-W4/W2250A-W4 Serial Param config page, where the alias parameter is vulnerable to format-string handling due to insufficient input validation in version 1.5 and earlier. This can lead to memory disclosure and potential ASLR bypass. No exploitation detai...

EUVD-2026-37062

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...