CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

EditorConfig 安全漏洞

EditorConfig is an open-source application developed by EditorConfig. It allows for easy maintenance of the correct coding style when switching between different text editors and different projects. EditorConfig versions prior to 0.12.10 have security vulnerabilities; these vulnerabilities stem...

Hot Chocolate 安全漏洞

Hot Chocolate is a backend runtime environment open source by ChilliCream. Versions prior to 12.22.7, 13.9.16, 14.3.1, and 15.1.14 of Hot Chocolate have security vulnerabilities. These vulnerabilities stem from the recursive parser’s lack of a recursion depth limit, which can lead to stack overfl...

PT-2026-33581

Name of the Vulnerable Software and Affected Versions editorconfig-core-c versions prior to 0.12.11 Description A stack-based buffer overflow exists in the ec glob function. An attacker can cause a crash in any application using libeditorconfig by providing a specially crafted directory structure...

RockyLinux 10 : .NET 10.0 (RLSA-2026:8467)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8467 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotne...

RockyLinux 9 : .NET 8.0 (RLSA-2026:8469)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8469 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet...

RockyLinux 10 : .NET 8.0 (RLSA-2026:8470)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8470 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotne...

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

CVE-2026-40170

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

CLSA-2026-1776432133 c-ares: Fix of CVE-2022-4904

CVE-2022-4904: fix stack overflow in aressetsortlist due to missing input validation...

OESA-2026-1920 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1917 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1916 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

SUSE-SU-2026:21231-1 Security update for freeipmi

This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...

SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2026:1408-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1408-1 advisory. - CVE-2025-61143: Fixed NULL pointer dereference bsc1258798. - CVE-2025-61144: Fixed stack overflow in...