ruby4.0 security update

An update is available for ruby4.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is the interpreted scripting language for quick and easy object-oriente...

OESA-2026-2479 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

Real Case Exploitation of Buffer Overflow & Format String Vuln...

PT-2026-44154

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

Important: Red Hat Security Advisory: ruby4.0 security update

An update for ruby4.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

Disclaimer The code and materials contained in this repository...

CLSA-2026-1779493861 postgresql: Fix of 6 CVEs

CVE-2026-6473: use pallocarray in hstoreplperl/hstoreplpython to avoid integer overflow on 32-bit systems - CVE-2026-6474: guard pgstrftime callers against unsafe conditions and ensure null-terminated output to prevent format-string leak via crafted timezone names - CVE-2026-6475: prevent path...

Reversing-Toolkit

Reversing Toolkit 🔧 3 reverse engineering & binary exploita...

OESA-2026-2414 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

OESA-2026-2413 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

OESA-2026-2382 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

SUSE CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

CLSA-2026-1779389543 Fix of 6 CVEs

SECURITY UPDATE: integer wraparound on 32-bit systems in palloc callers - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc callers - CVE-2026-6473 SECURITY UPDATE: format-string memory disclosure in timeofday via crafted timezones -...

CVE-2026-6474

A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

CVE-2026-7835 Format string argument mismatch

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

CVE-2026-7835

Netatalk 3.0.3–4.4.2 are affected by a format string argument mismatch. The issue (CVE-2026-7835) is fixed in 4.5.0. Debates indicate a remote authenticated attacker could cause a minor denial of service via crafted input; CVSS indicates Low impact. Recommended remediation: upgrade to Netatalk 4....

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...