Imager::File::GIF 缓冲区错误漏洞

Imager::File::GIF is a Perl image module developed by Tony Cook, which supports the reading, writing, and processing of GIF images. Versions of Imager::File::GIF 1.002 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function, which allocate...

Imager 缓冲区错误漏洞

Imager is an image processing program developed by Tony Cook personally. Versions of Imager 1.030 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function in Imager::File::GIF, which allocates a single buffer for each line of data. The size...

EUVD-2026-30477

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVE-2026-45370 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

Unauthenticated Credential Disclosure

github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...

Arbitrary Argument Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

CVE-2026-44871

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

[SECURITY] Fedora 43 Update: python-click-8.1.7-12.fc43

click is a Python package for creating beautiful command line interfaces in a composable way with as little amount of code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with good defaults out of the box...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-021307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021307 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

Fedora 42 : php (2026-3a58db70ca)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3a58db70ca advisory. PHP version 8.4.21 07 May 2026 Core: Fixed bug GH-19983 GC assertion failure with fibers, generators and destructors. iliaal Fixed bug GH-21478...

CVE-2026-44870

Command injection vulnerabilities exist in the command line interface CLI service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying...

CVE-2026-44863

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44862

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44857

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-44855

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-44858

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-44859

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...