CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

CVE-2026-32624

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domainuserseparator is configured in xrdp.ini, an unauthenticated remote attacker can send a crafted, excessively long username and domain...

UBUNTU-CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

UBUNTU-CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

UBUNTU-CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

UBUNTU-CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

UBUNTU-CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

CubeCart 安全漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained security vulnerabilities, which were caused by SQL injection attacks. These vulnerabilities could allow attackers to execute arbitrary SQL statements on the product side...

CubeCart 安全漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection, which could allow users with administrative privileges to execute arbitrary OS commands...

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

DNN 安全漏洞

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 10.2.2 contained...

PT-2026-33542

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

PT-2026-33532

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

Amazon EFS CSI Driver 安全漏洞

The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...

How Opera’s Security team helps make the web safer through responsible disclosure

Security How Opera’s Security team helps make the web safer through responsible disclosure Share April 17th, 2026 Hi everyone! At Opera, we have 30 years of experience in building safe and secure browsers. Our seasoned Security team collaborates internally as well as with external researchers to...