UBUNTU-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

JLSEC-2026-569

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

CLSA-2026-1779368985 opensc: Fix of CVE-2023-40660

CVE-2023-40660: fix potential PIN bypass when card tracks its own login state...

PJSIP 输入验证错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained a vulnerability related to input validation errors. This...

PT-2026-35059

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An integer overflow occurs in the media stream buffer size calculation when processing Session Description Protocol SDP with asymmetric ptime configuration. This overflow can lead to an undersized buffe...

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained security vulnerabilities, which stemmed from insufficient buffer...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.10) potentially affected by CVE-2026-34532 via parse-server (>=9.6.0-alpha.37 <=9.6.1)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.10 Source cves: CVE-2026-34532 Source advisory: OSV:GHSA-VPJ2-QQ7W-5QQ6...

EUVD-2026-17494

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities were caused by specially crafted ICC configuration files that could lead to stack buffer overflo...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities, which were caused by an implicit conversion from signed integers to sizet, resulting in undefined behavior...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities. These vulnerabilities stemmed from the handling of specially crafted ICC configuration files, where invalid enumeratio...

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained a buffer error vulnerability, which was caused by a heap buffer overflow in the icAnsiToUtf8 function during XML conversion...

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities were caused by heap buffer overflows when processing specially crafted ICC configuration files,...

iccDEV 代码问题漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained code-related vulnerabilities. These vulnerabilities stemmed from specially crafted ICC configuration files that could trigger calls to null...

Hardening Confidential Federated Compute against Side-Channel Attacks

In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy DP guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source...

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained a buffer error vulnerability. This vulnerability stemmed from a heap-based buffer overflow in the icCurvesFromXml function, which could lead to...

CVE-2026-25048

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

c3p0 代码问题漏洞

c3p0 is an open-source JDBC connection pool library developed by Steve Waldman. Versions of c3p0 prior to 0.12.0 had code vulnerabilities, which stemmed from improper deserialization and could lead to the execution of arbitrary code...

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained security vulnerabilities, which stemmed from a heap buffer...