13 matches found
CVE-2026-41685
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amounts of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.images_volume and...
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52855)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2025-66473
XWiki's REST API fails to enforce a limit on the number of items returned in a single request. Affected versions include 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0. The issue can cause slowness or unavailability on large wikis, depending on wiki size and memo...
The vulnerability of the xmlSchematronFormatReport() function in the libxml2 library allows an attacker to trigger a service failure.
The vulnerability of the xmlSchematronFormatReport function in the libxml2 library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures through a specially created XML file...
OESA-2024-1362 telnet security update
Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The package includes a remote login client program for telnet and a server daemon. Security Fixes: telnetd ...
VulnCheck KEV: CVE-2022-31678
VMware Cloud Foundation NSX-V contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...
polkit: file descriptor leak allows an unprivileged user to cause a crash
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...
CVE-2021-36318
Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage...
PT-2021-21220 · Dell Emc · Dell Emc Avamar
Name of the Vulnerable Software and Affected Versions: Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 Description: The issue is related to plain-text password storage. A high privileged user could potentially exploit this, leading to a complete outage. Recommendations: For versions 18.2,...
Samsung SMR Buffer Error Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from a security vulnerability that stems from an OOB read vulnerability in libsaacextractor prior to the September 2021 release of SMR. An attacker can exploit...
mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...
The vulnerabilities of PDF viewer programs such as Adobe Reader, Adobe Reader Document Cloud, and PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat allow attackers to cause service interruptions or execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Adobe Reader Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to buffer overflow vulnerabilities. Exploiting these vulnerabilities can allow attackers to execute arbitra...