CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

Exploit for Use of Externally-Controlled Format String in Ghs Integrity_Rtos

🛡️ CVE-2019-7711: Green Hills INTEGRITY RTOS Information Lea...

OESA-2026-2262 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-2261 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-2250 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing...

EUVD-2026-28902

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

PT-2026-39424

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow exists in the SWSDfldsrch function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue can be triggered through local access by executing a manipulation...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016808 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read...

Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017382)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017382 advisory. A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo function of dcm.c file. This vulnerability is triggered when an attacker passes a specially...

CLSA-2026-1778268804 Update of java-1.8.0-openjdk

Fix release version format: place .el9 before .tuxcare.els1 suffix; bump rpmrelease to 2...

CVE-2026-41511

CVE-2026-41511 affects the OpenMcdf .NET/C# library for Compound File Binary (CFB) manipulation. Before version 3.1.3, the library failed to detect cycles in the directory-entry red–black tree, allowing a crafted CFB file to create a cycle in LeftSiblingID/RightSiblingID that causes Storage.Enume...

CVE-2026-41511 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

UBUNTU-CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

stb-image-cwe190-poc

PoC — stbimage v2.30 stbiconvertformat16 integer overf...

EUVD-2023-51398

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

DEBIAN-CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...