15097 matches found
CVE-2026-41926
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...
GHSA-V2FC-QM4H-8HQV Nokogiri XSLT transform has a memory leak
Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...
CLSA-2026-1778071148 openssl: Fix of 4 CVEs
CVE-2026-28387: fix use of OPENSSLfree instead of X509free on dane-mcert in danematch X509 reference-count bypass / UAF - CVE-2026-28388: fix NULL deref in checkdeltabase when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number - CVE-2026-28389: fix NULL deref in...
EUVD-2026-27818
In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...
EUVD-2026-27697
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...
CVE-2026-43200
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pciprimary/secondaryepcepfunlink functions struct configfsitemoperations callbacks are defined like the following: int allowlinkstruct configitem src, struct configitem target; void...
CVE-2026-43257
In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...
CVE-2026-43257
The CVE-2026-43257 issue affects the Linux kernel media cx88 driver. The root cause is a missing unmap in snd_cx88_hw_params() in the error path, leading to unreleased resources when cx88_alsa_dma_map() is used. The fix adds cx88_alsa_dma_unmap() in the error path to release the DMA resource and ...
CVE-2026-43200
The CVE-2026-43200 issue affects the Linux kernel PCI endpoint functionality. Specifically, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() swap parameters in their configfs unlink paths, which can trigger a kernel crash when using unlink in configfs. Red Hat's advisory frames thi...
CVE-2026-43200
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pciprimary/secondaryepcepfunlink functions struct configfsitemoperations callbacks are defined like the following: int allowlinkstruct configitem src, struct configitem target; void...
CVE-2026-43135 media: cx23885: Add missing unmap in snd_cx23885_hw_params()
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...
CVE-2026-43135
In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in sndcx23885hwparams In error path, add cx23885alsadmaunmap to release the resource acquired by cx23885alsadmamap...
Improperly Controlled Modification Of Dynamically-Determined Object Attributes
Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...
PT-2026-37475
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the snd cx23885 hw params function. In the error path, the system fails to call cx23885 alsa dma unmap, which is necessary to release the resource previously...
PT-2026-37597
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the Linux kernel within the snd cx88 hw params function. The issue arises because the error path fails to call cx88 alsa dma unmap, which is necessary to releas...
PT-2026-38288
Name of the Vulnerable Software and Affected Versions vLLM versions 0.18.0 through 0.19.1 Description The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...
CVE-2026-39852
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...
CVE-2026-39852
Summary of CVE-2026-39852 : Quarkus exposes an authorization bypass due to path normalization mismatch between the security layer and RESTEasy Reactive routing, which preserves semicolons (matrix parameters) in the raw URL while routing drops them for endpoint matching. This allows unauthenticate...
CVE-2026-31196
OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...
CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...