Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53407)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-53406)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-48730)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000785 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2025-52429)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerabili...

MiracleLinux 7 : udisks2-2.7.3-9.el7 (AXSA:2019-4045:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4045:02 advisory. udisks: Format string vulnerability in udiskslog in udiskslogging.c CVE-2018-17336 Tenable has extracted the preceding description block directly from the...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4 (AXSA:2019-3940:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3940:03 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.201-2.6.16.1.0.1.el7.AXS7 (AXSA:2019-3680:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3680:01 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 81991...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000825)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000825 advisory. The udfreadinode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate...

CVE-2025-14232

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...

EUVD-2026-2789

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...

CVE-2026-22803

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...

GHSA-J2F3-WQ62-6Q46 @sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)

Summary The experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. Details When a form is submitted to a remote functi...

Allocation of Resources Without Limits or Throttling

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in HDF5 dataset metadata validation. An attacker can cause excessive memory consumption and crash the Python...

UBUNTU-CVE-2026-0897

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

CVE-2026-0897

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...

CVE-2025-68816

A flaw was found in the Linux kernel's mlx5 firmware tracer. A malicious or compromised firmware can provide specially crafted format strings to the tracer. Due to insufficient validation of these parameters, this can lead to system crashes, resulting in a Denial of Service DoS, or potentially...

net/mlx5: fw_tracer, Validate format string parameters

...

CVE-2026-0961

A flaw was found in Wireshark. This vulnerability allows an attacker to trigger a crash in the BLF file parser by providing a specially crafted file. Successful exploitation leads to a denial of service DoS, making the application unavailable to legitimate users. Mitigation To mitigate this issue...

SUSE CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fwtracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...