42 matches found
PT-2026-60388
Name of the Vulnerable Software and Affected Versions view component versions 4.0.0 through 4.11.0 Description ViewComponent::Base instances retain render-scoped objects across calls to the render in function. If the same component, collection, or spacer component instance is reused across...
OESA-2026-2971 gzip security update
gzip is a single-file/stream lossless data compression utility, where the resulting compressed file generally has the suffix .gz. Security Fixes: GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the...
Protection Mechanism Failure
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Protection Mechanism Failure due to shared mutable state in the shortencode function. An attacker can execute arbitrary code by providing a malicious pickle payload...
EUVD-2026-41676
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
PT-2026-55705
Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions prior to 0.1.12 Description An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten codenode function on every import node. This action populates a shared...
CVE-2026-10140
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...
EUVD-2026-40403
IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...
PT-2026-53957
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...
CVE-2026-41992 Global Buffer Overflow in GNU gzip
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
CVE-2026-41992
GNU gzip is affected by a global buffer overflow in the LZH decompression logic caused by reusing a shared global state across LZ77/LZW/LZH within a single run. The vulnerability arises from a global array not reinitialized between files, enabling an attacker to deplete or poison the shared state...
CVE-2026-41992
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
EUVD-2026-40069
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
CVE-2026-41992 Global Buffer Overflow in GNU gzip
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
CVE-2026-41992
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...
PT-2026-53256
Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a glob...
CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
EUVD-2026-39640
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...