73995 matches found

ATTACKERKB
added 2026/05/14 9:27 p.m., 6 views

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6, AI score 5.8, EPSS 0.00311
Exploits 0, References 2, Affected Software 1

CVE
added 2026/05/14 9:27 p.m., 21 views

CVE-2026-6811

CVE-2026-6811 affects the MongoDB PHP driver, with a stack exhaustion condition that can cause application crashes when processing deeply nested BSON documents. The issue is triggered in unusual circumstances when the BSON source is not from a MongoDB Server, and it is characterized by high avail...

CVSS 6, AI score 5.8, EPSS 0.00311
Exploits 0, References 1

Cvelist
added 2026/05/14 9:27 p.m., 34 views

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6, EPSS 0.00311
Exploits 0, References 1

Debian CVE
added 2026/05/14 9:27 p.m., 11 views

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6, AI score 5.8, EPSS 0.00311
Exploits 0

Vulnrichment
added 2026/05/14 9:27 p.m., 11 views

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6, AI score 5.8, EPSS 0.00311
Exploits 0, References 1

MongoDB
added 2026/05/14 9:27 p.m., 13 views

PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6, AI score 5.8, EPSS 0.00311
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/05/14 7:58 p.m., 10 views

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVSS 5.5, AI score 5.8, EPSS 0.00111
Exploits 0, References 1

OSV
added 2026/05/14 6:40 p.m., 3 views

CLSA-2026-1778767103 Fix CVE(s): CVE-2026-25576, CVE-2026-28688, CVE-2026-28690

Security: - CVE-2026-25576: heap buffer over-read in raw pixel coders - CVE-2026-28688: use-after-free in MSL encoder - CVE-2026-28690: stack-based buffer overflow in MNG/JNG encoder...

CVSS 6.9, AI score 7.6, EPSS 0.00193
Exploits 0, References 1

OSV
added 2026/05/14 6:31 p.m., 6 views

CLSA-2026-1778783464 Update of kernel

net: skbuff: propagate shared-frag marker through pskbcopy...

AI score 5.8
Exploits 0, References 1

OSV
added 2026/05/14 4:23 p.m., 3 views

GHSA-RPGQ-M5FP-32WR Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Summary: Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 (symlink) into real OS symlinks on the host filesystem via os.Symlink. The only ent...

CVSS 9.9, AI score 5.9, EPSS 0.00416
Exploits 2, References 6

GitHub Security Blog
added 2026/05/14 4:23 p.m., 18 views

Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Summary: Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 (symlink) into real OS symlinks on the host filesystem via os.Symlink. The only ent...

CVSS 9.9, AI score 5.9, EPSS 0.00416
Exploits 2, References 6, Affected Software 1

OSV
added 2026/05/14 3:28 p.m., 3 views

OPENSUSE-SU-2026:20753-1 Security update for agama

This update for agama fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257930). Changes for agama: Update "time" crate to version 0.3.47...

CVSS 6.8, AI score 5.8, EPSS 0.00291
Exploits 0, References 2

Snyk
added 2026/05/14 3:23 p.m., 8 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the refint process. An attacker can execute arbitrary code as the operating system user running the database or execute arbitrary SQL as the database user performing a primary key update by providing...

CVSS 8.8, AI score 6.2, EPSS 0.00378
Exploits 0, References 2

NVD
added 2026/05/14 3:16 p.m., 59 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5, EPSS 0.00358
Exploits 0, References 4

ATTACKERKB
added 2026/05/14 2:32 p.m., 10 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5, AI score 5.9, EPSS 0.00358
Exploits 0, References 5, Affected Software 1

EUVD
added 2026/05/14 2:32 p.m., 10 views

EUVD-2026-30299

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

CVSS 7.5, AI score 5.9, EPSS 0.00358
Exploits 0, References 4

CVE
added 2026/05/14 2:32 p.m., 10 views

CVE-2026-44375

The CVE-2026-44375 entry affects Nerdbank.MessagePack. The vulnerability arises in DateTime decoding where the reader can be fed a malicious MessagePack payload declaring an oversized timestamp extension length, enabling an attacker-controlled amount of stack memory to be allocated via stackalloc...

CVSS 7.5, AI score 5.9, EPSS 0.00358
Exploits 0, References 4

NVD
added 2026/05/14 2:16 p.m., 15 views

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

CVSS 8.8, EPSS 0.00378
Exploits 0, References 1

NVD
added 2026/05/14 2:16 p.m., 9 views

CVE-2026-6477

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-lengt...

CVSS 8.8, EPSS 0.00284
Exploits 0, References 1

OSV
added 2026/05/14 2:16 p.m., 8 views

ALPINE-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

CVSS 8.8, AI score 6.4, EPSS 0.00378
Exploits 0, References 1