5 matches found
CVE-2026-42579 Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...
PT-2026-29881
Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.156, 25.0.90, and 26.0.12 Description Group-Office, an enterprise customer relationship management and groupware tool, is affected by an insecure deserialization issue in the AbstractSettingsCollection model...
CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-1230
CVE-2026-1230 affects GitLab CE/EE across multiple release lines, where an authenticated user could cause repository downloads to present code different from what the web UI shows due to incorrect validation of branch references. Affected versions include all 1.0–before 18.7.6, 18.8–before 18.8.6...
Arm Mali GPU Kernel Driver 资源管理错误漏洞
The Arm Mali GPU Kernel Driver is a driver for a graphics processor unit from Arm UK. A security vulnerability exists in the Arm Mali GPU Kernel Driver, which stems from a reuse-after-release vulnerability and affects the following products and versions: Midgard versions r28p0 through r29p0, prio...