ROS-20260610-73-0040

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

CVE-2026-11487

A flaw was found in Neovim. A local user could exploit this vulnerability by manipulating the argument path in the M.read function within the runtime/lua/vim/secure.lua file. This can lead to command injection, allowing the attacker to execute arbitrary commands on the local system...

CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

CVE-2026-11487

CVE-2026-11487 affects Neovim up to 0.12.2. The vulnerability resides in the M.read function of runtime/lua/vim/secure.lua (View Branch). Manipulation of the argument path can lead to local command injection. An exploit has been published and may be used locally. A patch identified by f83e0dcaf8c...

UBUNTU-CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVE-2025-71291

A flaw was found in the Linux kernel's bcmvk module. A null-pointer dereference can occur within the bcmvkread function if a specific condition is met where a pointer entry is NULL and an error code -EMSGSIZE is returned. This vulnerability could allow a local attacker to cause system instability...

PT-2026-37456

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference can occur in the bcm vk read function. When the entry pointer is NULL and the rc variable is set to -EMSGSIZE, the system attempts to access to h msg, usr msg...

PT-2026-37836

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVE-2026-42477

A heap-based out-of-bounds read vulnerability in RWObjReader::read in the OBJ file parser in Open CASCADE Technology OCCT V800rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because...

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

Classroombookings 安全漏洞

Classroombookings is a school room reservation system developed by Craig A Rodway, based on PHP and MySQL. Versions of Classroombookings 2.17.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function read in the User Display Name Handler component’s...

CVE-2026-0688

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVE-2026-5315

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbttbufget8 in the library stbtruetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-4012

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may ...

EUVD-2026-11545

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may ...

CVE-2026-4012

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may ...

CVE-2026-4012

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may ...

CVE-2026-4012 rxi fe fe.c read_ out-of-bounds

A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may ...