CVE-2026-7429

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

CVE-2026-7429

CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...

CVE-2026-7429 SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

EUVD-2026-26417

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

CVE-2026-7429 SSCMS v7.4.0 Reflected Cross-Site Scripting via STL Processing

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

JLSEC-2026-360

readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA file...

CVE-2026-35547

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...

EUVD-2026-26355

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...

CVE-2026-35547

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...

CVE-2026-35547 Heap overflow in libnv

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...

CVE-2026-35547 Heap overflow in libnv

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...

EUVD-2026-26352

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

CVE-2026-7164

CVE-2026-7164 affects FreeBSD pf: incorrect SCTP packet validation allows unbounded recursion, leading to a stack overflow and system panic when pf processes SCTP traffic. Affected: all supported FreeBSD versions where pf handles traffic with SCTP parameters. Impact: remote attackers can cause pa...

Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...