20489 matches found
EUVD-2026-34849
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...
[SECURITY] [DLA 4618-1] gsasl security update
Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS ...
BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44
Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack (RFC 3261), SDP, RTP and RTCP, SRTP and SRTCP (Secure RTP), DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O (poll, epoll, select, kqueue,...
Debian dla-4618 : gsasl - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4618 advisory. Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/...
7-Zip >= 9.34 < 26.01 WIM / Ar SYMDEF OOB Read (GHSL-2026-115_GHSL-2026-122)
The version of 7-Zip installed on the remote Windows host is >= 9.34 and prior to 26.01. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read exists in 7-Zip's WIM SecurityId handling, which can lead to a crash when processing a crafted WIM image. CVE-2026-48103 - An...
Linux Distros Unpatched Vulnerability : CVE-2026-26824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation...
PT-2026-46982
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...
ROOT-APP-NPM-CVE-2023-32695 CVE-2023-32695 in @rootio/socket.io-parser - Patched by Root
Root has patched CVE-2023-32695 in the @rootio/socket.io-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-25128 CVE-2026-25128 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-25128 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
CVE-2026-41207
The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...
ROOT-APP-NPM-CVE-2024-45590 CVE-2024-45590 in @rootio/body-parser - Patched by Root
Root has patched CVE-2024-45590 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...
EUVD-2026-34307
The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...
CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...
Security Bulletin: Vulnerability in jackson-core-2.15.2.jar
Summary: Vulnerability in jackson-core-2.15.2.jar. Vulnerability Details: ID: WS-2026-0003. DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This allows an attacker to send JSON with...
Interpretation Conflict
Overview: Affected versions of this package are vulnerable to Interpretation Conflict in the png_push_read_chunk function in the push-mode APNG parser. An attacker can inject chunked data with a malicious PNG file containing attacker-controlled bytes in an ignored ancillary chunk, which are then...
ALPINE-CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
31g-form-parser (=1.0.107), @0xmike/web-kit (>=0.0.6 <=0.1.1) +452 more potentially affected by CVE-2026-34077 via turbo-stream (>=1.2.1 <=2.4.1)
turbo-stream NPM version =1.2.1, =0.0.6, =4.0.0, =4.15.0, =0.0.3, =1.4.0, =0.0.1, =1.2.0, =1.2.0, =0.1.0, =1.0.10, =0.0.2, =1.0.0, =0.0.2, =0.0.13 and more Source cves: CVE-2026-34077 Source advisory: OSV:GHSA-RXV8-25V2-QMQ8...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...