95 matches found
PT-2026-33733
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse openai plugin json to tool bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery...
EUVD-2026-22128
jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...
PT-2026-32395
Name of the Vulnerable Software and Affected Versions HAProxy versions 2.6 through 3.3.5 Description The HTTP/3 parser fails to verify that the received body length aligns with a previously announced content-length when a stream is closed using a frame with an empty payload. This discrepancy can...
Important: gstreamer1-plugins-bad-free
Issue Overview: Various out-of-bounds reads and writes in the DVB subtitle decoder that can cause crashes for certain input files. CVE-2026-2923 GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33144
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...
[SECURITY] [DLA 4478-1] tcpflow security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4478-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini February 10, 2026 https://wiki.debian.org/LTS -...
MiracleLinux 3 : tetex-3.0-33.15.1.0.1.AXS3 (AXSA:2012-906:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-906:01 advisory. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a...
SUSE-SU-2026:20243-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures bsc1256246. - gpg...
MiracleLinux 8 : raptor2-2.0.15-17.el8_10 (AXSA:2025-9547:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9547:01 advisory. raptor: integer underflow when normalizing a URI with the turtle parser CVE-2024-57823 Tenable has extracted the preceding description block directly from th...
TencentOS Server 4: exiv2 (TSSA-2024:0274)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
SUSE: Security Advisory (SUSE-SU-2025:3779-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2017-4513
Malware in sbrugna...
CVE-2025-61600 Unbounded Memory Allocation in Stalwart IMAP parser
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory OOM killer and causing a denial of...
Linux Distros Unpatched Vulnerability : CVE-2018-11418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp\u0020 payload, related t...
CVE-2025-26443
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Linux Distros Unpatched Vulnerability : CVE-2018-19837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LibSass prior to 3.5.5, Sass::Eval::operatorSass::BinaryExpression inside eval.cpp allows attackers to cause a denial-of-service resulting from stack...
Linux Distros Unpatched Vulnerability : CVE-2018-18385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not...
Linux Distros Unpatched Vulnerability : CVE-2024-34507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur...