CVE-2026-44919
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
CVE-2026-25524
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, file_exists, and is_readable can trigger...
Astra Linux - vulnerability in chromium
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to version 92.0.4515.107 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
CVE-2026-45314
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profile_image_url values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...
OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
UBUNTU-CVE-2026-44919
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
PT-2026-40843
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to a3f6d73. Description: An infinite loop can occur during image handling when checksum calculations are performed using the 'file:///dev/zero' URL. Recommendations: Update to version a3f6d73 or later...
Linux Distros Unpatched Vulnerability : CVE-2026-44919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
EUVD-2026-30209
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
CVE-2026-44919
OpenStack Ironic (through 35.x before a3f6d73) is affected. During image handling, an infinite loop can occur in checksum calculations when processing file:///dev/zero, potentially impacting availability (CVSS 3.1 base score 4.3). The root cause is in the image handling/checksum path; no exploita...
EUVD-2026-29105
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
CVE-2026-33361
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
CVE-2026-33361 Meari weak XOR obfuscation
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
PT-2026-39643
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
openstack-nova-compute: Arbitrary Host File Overwrite via Unconstrained qemu-img Format Handling in OpenStack Nova
A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...