UBUNTU-CVE-2026-46198

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buffpos Fixing an integer overflow present in batadvivogmsendtoif. The size check is done using the int type in batadvivogmaggrpacket whereas the buffpos variable uses the s16 type. This could...

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from integer overflow in the buffpos field within batman-adv. Due to size checks using the int type an...

PT-2026-44321

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff pos Fixing an integer overflow present in batadv iv ogm send to if. The size check is done using the int type in batadv iv ogm aggr packet whereas the buff pos variable uses the s16 type...

DEBIAN-CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

GHSA-799F-29JM-GR6C nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: anx7625: Fixed an overflow issue when reading EDID. The length of the EDID block can be longer than 256 bytes. Therefore, we should use int instead of u8 for the edidpos variable...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In blkdeviomapbegin, the EOF check has been refined. - In blkdeviomapbegin, the offset is rounded down to the logical block size before being stored in iomap-offset. It is also checked that the value remains within the inode...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iomap: A possible overflow condition in iomapwritedelallocscan has been fixed. folionextindex returns a signed long value; a left shift of PAGESHIFT might lead to an overflow on 32-bit systems. Instead, use folioposfolio +...

CVE-2026-28994

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to...

PT-2026-39829

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...

vLLM Vulnerable to Remote DoS via Special-Token Placeholders

Summary This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...

CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

CVE-2026-27644 traccar allows CSV formula injection via exported position data

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

CVE-2026-27644

CVE-2026-27644 affects Traccar (versions 6.11.1–6.13.0). CSV export writes position data and computed attributes without proper escaping, enabling an attacker to inject spreadsheet formulas via exported fields. When opened in spreadsheet software, this can lead to formula execution and potential ...

CLSA-2026-1777944852 vim: Fix of 2 CVEs

CVE-2021-3984: in findstartbrace misc1.c, when a found '' lies inside a comment, restore the full cursor position line and column instead of only the line so subsequent C-indent lookups stay within the line bounds. - CVE-2022-2571: in inscomplgetexp edit.c, when CONTADDING is active, only advance...

PT-2026-37318

Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.1 through 0.19.x Description A Token Injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video...

Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

GHSA-WJX4-4JCJ-G98J Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

PT-2026-37197

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.2.0 Description An integer overflow can occur when the library tracks the current position if a font advances for each glyph by an excessively large amount. Recommendations Update to version 12.2.0...