DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read

The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed...

CVE-2026-58058

CVE-2026-58058 : Nmap up to 7.99 is affected by an integer underflow in IPv6 extension-header parsing (ipv6_get_data_primitive in libnetutil/netutil.cc). A crafted or truncated IPv6 extension header returned by a scanned target or on-path attacker can cause the remaining-length to underflow to a ...

EUVD-2026-39978

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

CVE-2026-58049

CVE-2026-58049 concerns FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c). The issue arises when the code performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates the DLTA region in pixels rather than bytes. On PAL8 frames, this enables a DLTA ...

EUVD-2026-39969

FFmpeg's RASC video decoder decodedlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXTLINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

CVE-2026-10643

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

CVE-2026-49416

The CVE-2026-49416 issue affects FreeBSD vt(4) CONS_HISTORY ioctl. The bug occurs when a large history size is requested, causing an integer overflow in the buffer size calculation and resulting in a heap allocation smaller than needed; subsequent initialization writes beyond the allocation, enab...

netfilter: ebtables: fix OOB read in compat_mtw_from_user

...

netfilter: conntrack_irc: fix possible out-of-bounds read

...

net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list

...

Chromium: CVE-2026-13033 Out of bounds read in Blink>InterestGroups

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-46604

The CVE-2026-46604 entry concerns the TIFF decoder in golang.org/x/image. The underlying issue is a panic that occurs when decoding an invalid TIFF image with an out-of-bounds strip offset, as described in multiple sources. The affected component is the TIFF decoding path within x/image/tiff. The...

GO-2026-5066 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...

CVE-2026-53303

CVE-2026-53303 — In the Linux kernel's f2fs subsystem, f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sbi->sb_lock. A concurrent sysfs store in f2fs_update_extension_list() could cause inconsistent counts or contents, risking out-of-bounds access or di...

CVE-2026-52963

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA USB audio driver. The driver's handling of MIDI Musical Instrument Digital Interface endpoint descriptors did not properly bound scans, allowing it to read beyond the intended memory buffer. This out-of-bounds read coul...

CVE-2026-54341

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

CVE-2026-57454

A flaw was found in Vim, an open source command-line text editor. A local attacker could exploit this vulnerability by providing a specially crafted undo or swap file. When Vim processes this file, an out-of-bounds read occurs, which can lead to the disclosure of sensitive information from memory...

CVE-2026-54341 Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

EUVD-2026-39811

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...