CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

EUVD-2026-35853

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVE-2026-9754 Stack memory disclosure in filemd5 command

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVE-2026-46326

A flaw was found in the Linux kernel, specifically within the iio: pressure: mprls0025pa driver. This vulnerability is due to improper initialization of the spitransfer structure, which is not consistently zeroed out before use. This could allow an attacker to potentially read sensitive informati...

CVE-2026-46329

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability occurs due to improper handling of I/O requests that extend beyond the end of a file-backed filesystem. An attacker could potentially exploit this to read uninitialized memory, leading to information disclosure. This issu...

SUSE CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...

PT-2026-48304

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

CVE-2026-45736

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the OpenCapsule function. An attacker can access sensitive information from uninitialized heap memory by crafting a truncated UEFI capsule .scap file that, when extracted, causes portions of uninitialize...

CVE-2026-48101

A flaw was found in 7-Zip. This uninitialized memory disclosure vulnerability exists in the UEFI capsule .scap parser. A remote attacker could exploit this by crafting a malicious .scap file, leading to the exposure of sensitive uninitialized heap memory as extracted file content. This could resu...

CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

CVE-2026-48101 GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

EUVD-2026-34849

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

CVE-2026-48101 GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

CVE-2026-48101

The CVE-2026-48101 entry concerns 7-Zip (versions 9.21–26.00) with an uninitialized heap memory disclosure in the UEFI capsule (.scap) parser. The OpenCapsule function allocates a heap buffer sized by attacker-supplied CapsuleImageSize (up to 1 GiB) without zero-initialization, then fills it via ...