CVE-2026-4147

The CVE-2026-4147 entry describes an issue where an authenticated user with the read role can read limited amounts of uninitialized stack memory through specially crafted issuances of the filemd5 command. Root cause: exposure of uninitialized stack memory during filemd5 handling. Impact: potentia...

PX4-Autopilot 安全漏洞

PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from tattucan’s use of unbounded memory copying during its multi-frame assembly cycle, which could lead to stack...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005692)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005692 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVE-2025-70083

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OSMAXPATHLEN. If the length of DirName i...

OpenSatKit 安全漏洞

OpenSatKit is an open-source application development toolkit developed by OpenSatKit. Version 2.2.1 of OpenSatKit contains a security vulnerability. This vulnerability stems from a stack buffer overflow during the copy operation of the DirName field, which may lead to overwriting of adjacent stac...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

CVE-2025-29950

CVE-2025-29950 describes an improper input validation in AMD’s System Management Mode (SMM) that could allow a privileged local attacker to overwrite stack memory and achieve arbitrary code execution. Public sources in the connected set consistently frame this as an SMM/stack-corruption issue wit...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

CVE-2026-1849

MongoDB Server is affected by an out-of-memory failure triggered while evaluating expressions that produce deeply nested documents. The root cause is that recursive functions do not periodically check expression depth, allowing unbounded nesting to exhaust memory. Impact is Availability (high) wi...

CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

Linux-Usermode-Exploitation-101

Linux Usermode Exploitation 101 Introduction The aim of th...

CVE-2026-23569

An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...

EUVD-2026-4993

An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...

PT-2026-5256

Name of the Vulnerable Software and Affected Versions TeamViewer DEX Client versions prior to 26.1 Description An out-of-bounds read issue exists in the TeamViewer DEX Client formerly 1E Client - Content Distribution Service NomadBranch.exe on Windows. A crafted request can trigger this issue,...

TeamViewer DEX Client 安全漏洞

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A denial of service vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause a stack memory leak and denial of service...

glibc security update

2.39-58.0.1.7 - Forward port Oracle changes to 2.39-58.7. - Reviewed-by: David Faust Oracle history: November-26-2025 Cupertino Miranda - 2.39-58.0.1.2 - Forward port Oracle changes to 2.39-58.2. - Reviewed-by: Jose E. Marchesi September-29-2025 David Faust - 2.39-58.0.1 - Forward port Oracle...