CVE-2026-41257

The CVE concerns jq (1.8.1 and earlier) where the bytecode VM’s data stack uses a signed int to track allocation size. When the stack grows beyond ~1 GiB (e.g., via deeply nested generator forks), the doubling arithmetic overflows, causing the wrapped value to be passed to realloc and then used f...

CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

SUSE CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

SUSE CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

EUVD-2026-29014

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

DEBIAN-CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the validateformat function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input that triggers a stack-based buffer overflow. Remediation A fix was push...

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258 Squirrel sqstdstring.cpp validate_format stack-based overflow

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258

CVE-2026-8258 affects Squirrel (up to 3.2), specifically the validate_format function in sqstdlib/sqstdstring.cpp, which can cause a stack-based buffer overflow via local manipulation. The vulnerability is local-exploitable; an exploit has been published and may be used. No remediation details ar...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

Linux Distros Unpatched Vulnerability : CVE-2026-41257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyo...

Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017553 advisory. libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Tenable has...

Unity Linux 20.1070e Security Update: opensc (UTSA-2026-017704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017704 advisory. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit. Tenable has extracted the...

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the WebUI returning complete Python trace details when exceptions were not handled properly. This could allow...