
23042 matches found

EUVD
added 2026/04/06 5:51 p.m., 3 views

EUVD-2025-50827

OpenEXR has buffer overflow in PyOpenEXRold's channels and channel...

7.8 CVSS, 7.3 AI score, 0.00205 EPSS
Exploits: 1, References: 3
NVD
added 2026/04/06 4:16 p.m., 9 views

CVE-2026-33405

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...

4.8 CVSS, 0.00171 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2026/04/06 4:16 p.m., 0 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6 CVSS, 5.9 AI score, 0.00254 EPSS
Exploits: 1, References: 10
Snyk
added 2026/04/06 4:9 p.m., 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the genericunpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted E...

7.1 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits: 1, References: 2
CVE
added 2026/04/06 3:33 p.m., 40 views

CVE-2026-34589

OpenEXR vulnerability CVE-2026-34589 involves an integer overflow in the DWA lossy decoder. From 3.2.0 to before 3.2.7, 3.3.0 to before 3.3.9, and 3.4.0 to before 3.4.9, the decoder computes per-component block pointers with signed 32-bit arithmetic, which can overflow for large widths and cause ...

8.4 CVSS, 5.9 AI score, 0.00287 EPSS
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2026/04/06 3:17 p.m., 2 views

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits: 1, References: 3
OSV
added 2026/04/06 7:58 a.m., 2 views

BIT-NODE-MIN-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

5.7 CVSS, 6.7 AI score, 0.00325 EPSS
Exploits: 0, References: 3
OSV
added 2026/04/06 7:58 a.m., 2 views

BIT-NODE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

5.7 CVSS, 6.7 AI score, 0.00325 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/06 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to...

7.1 CVSS, 5.7 AI score, 0.00271 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/04/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to...

8.6 CVSS, 5.9 AI score, 0.00254 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/04/06 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to...

5.9 CVSS, 5.9 AI score, 0.00255 EPSS
Exploits: 1, References: 4
OSV
added 2026/04/05 12:6 a.m., 5 views

OSV-2026-532 Heap-buffer-overflow in regsub

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499446092 Crash type: Heap-buffer-overflow READ 1 Crash state: regsub formatreplace formatexpand1...

5.9 AI score
Exploits: 0, References: 1
CNNVD
added 2026/04/05 12:0 a.m., 5 views

WinRAR Security Vulnerability

WinRAR is a file compressor developed by the WinRAR company. This product supports compression and decompression of files in formats such as RAR and ZIP. Version 5.61 of WinRAR contained a security vulnerability, which was caused by a denial-of-service attack. This vulnerability could allow local...

6.9 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits: 1, References: 3
Veracode
added 2026/04/04 5:34 a.m., 2 views

Out-of-bounds Write

OpenEXR is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds checking when decoding crafted B44 or B44A EXR files, which allows an attacker to trigger memory corruption or crash the application...

8.4 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 1, References: 3, Affected Software: 1
Tenable Nessus
added 2026/04/03 12:0 a.m., 2 views

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-8143-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8143-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

7.8 CVSS, 6.7 AI score, 0.00271 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2026/04/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...

8.4 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/04/03 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git's index decoder for format version 4 fails to validate th...

2.8 CVSS, 5.7 AI score, 0.00153 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2026/04/02 11:27 p.m., 2 views

SUSE CVE-2026-27489

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0...

8.7 CVSS, 5.9 AI score, 0.00522 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2026/04/02 11:26 p.m., 3 views

SUSE CVE-2026-34544

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

5.3 CVSS, 5.7 AI score, 0.00244 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2026/04/02 11:26 p.m., 3 views

SUSE CVE-2026-34545

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

7.8 CVSS, 6.6 AI score, 0.00463 EPSS
Exploits: 1, References: 3