17073 matches found
UBUNTU-CVE-2026-53432
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...
EUVD-2026-40302
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...
CVE-2026-53432
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...
CVE-2026-53432
CVE-2026-53432 (fzf) affects the fzf project, specifically the FuzzyMatchV2 function. Affected scenario involves processing extremely long input lines (≈2,200,000 bytes) with a pattern length of 999 bytes, which causes an integer overflow and triggers a non-recoverable panic, terminating the proc...
CVE-2026-53432
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...
CVE-2026-55276
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex
Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...
CVE-2026-53206
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...
PYSEC-2026-329 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...
Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.18.0 shipped with IBM Cloud Pak for Business Automation iFixes for June 2026
Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation June 2026 security fixes update this dependency beyond 4.18.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: runc is a CL...
Malicious code in endpointmap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple Node.js modules (CVE-2026-45736, CVE-2026-45149, CVE-2026-3449 & CVE-2026-8723)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to multiple Node.js modules. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws ...
libxslt: use-after-free with key data stored cross-RVT
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...
[SECURITY] Fedora 43 Update: moby-engine-29.6.0-1.fc43
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...
Fedora 43 : dotnet10.0 (2026-a424c1061e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a424c1061e advisory. Update to .NET SDK 10.0.109 and Runtime 10.0.9 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...
Fedora 44 : dotnet9.0 (2026-0dce096c13)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0dce096c13 advisory. Update to .NET SDK 9.0.118 and Runtime 9.0.17 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...
Fedora 44 : dotnet8.0 (2026-041785a779)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-041785a779 advisory. Update to .NET SDK 8.0.128 and Runtime 8.0.28 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...
Fedora 43 : dotnet8.0 (2026-2f80369c73)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2f80369c73 advisory. Update to .NET SDK 8.0.128 and Runtime 8.0.28 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...
Fedora 44 : dotnet10.0 (2026-dec081126f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dec081126f advisory. Update to .NET SDK 10.0.109 and Runtime 10.0.9 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...