ALPINE-CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escapeandappend function in the document-builder API when processing very large input strings on platforms with limited sizet width. An attacker can cause out-of-bounds memory reads, potentially...

EUVD-2026-30265

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "stringbuilder::escapeandappend" when processing very large input strings on platforms with limited "sizet" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

PT-2026-40301

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

OESA-2026-2231 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

Linux Distros Unpatched Vulnerability : CVE-2026-43400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpuuserqsignalioctl can lead to a OOM and could be exploited. So check...

Astra Linux - уязвимость в openssl1.0

Calls to the EVPCipherUpdate, EVPEncryptUpdate, and EVPDecryptUpdate functions may cause the output length argument to overflow in some cases where the input length is close to the maximum permissible length for integers on the platform. In such cases, the return value from the function call will...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculations, the library may incorrectly calculate buffer boundaries. This can lead to memory writes outside of the allocated buffer. Applications...

Astra Linux - уязвимость в python-django

A issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...

CVE-2018-25275

CVE-2018-25275 affects Faleemi Plus 1.0.2 and describes a local buffer overflow that can crash the application. A 2000-byte payload pasted into the Camera name and DID number fields during camera addition is reported to trigger the crash. The connected records confirm the vulnerability and its lo...

CVE-2026-31423

A flaw was found in the Linux kernel's Hierarchical Fair Service Curve HFSC network scheduler. When processing specific large input values, a calculation error can cause a variable to be truncated to zero. This zero value is then used as a divisor, leading to a divide-by-zero error and a system...

BIT-ELK-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

EUVD-2026-20521

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

CVE-2026-33459

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

DEBIAN-CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...

Smart VPN 安全漏洞

Smart VPN is a proxy software developed by Smart VPN Inc. Version 1.1.3.0 of Smart VPN contains a security vulnerability. This vulnerability arises from the search interface’s improper handling of extremely large inputs, which may allow local attackers to cause the application to crash by...

VPN Browser+ 安全漏洞

VPN Browser+ is a mobile browser application developed by VPN Browser Company, featuring integrated virtual private network capabilities. Version 1.1.0.0 of VPN Browser+ contains a security vulnerability. This vulnerability stems from the search function’s improper handling of extremely large...

Improper Validation of Specified Quantity in Input

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the chunksize parameter in app.addmediafile and app.addmediafiles media routes. An attacker can cause excessi...

Django vulnerable to Uncontrolled Resource Consumption

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...