3008 matches found
os: golang: Go os.Root: Symlink following vulnerability allows directory traversal
A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...
GHSA-V722-58F9-VCJ4 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-azure, linux-qemu, linux-gcp...
CVE-2026-53253 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-azure, linux-qemu, linux-gcp...
GHSA-V68W-64JW-RFJJ vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-53131 vulnerabilities
Vulnerabilities for packages: linux-aws, linux-qemu, linux-qemu-melange, linux-azure, linux-gcp, linux-vmware...
CVE-2026-55380
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-54886
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
CVE-2024-52282 vulnerabilities
Vulnerabilities for packages: harvester, harvester-fips...
GHSA-7H4P-RFFG-7823 vulnerabilities
Vulnerabilities for packages: vllm-openai-cuda-13.0, vllm-cuda-13.2, py3-vllm-cuda-12.4...
CVE-2026-2032 vulnerabilities
Vulnerabilities for packages: firefox-esr...
GHSA-RCXP-78CQ-8WG3 vulnerabilities
Vulnerabilities for packages: firefox-esr...
GHSA-GXG5-574V-J5F6 vulnerabilities
Vulnerabilities for packages: firefox, firefox-esr...
GHSA-RG37-6QFJ-MCGW vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-6RRC-VWRV-CWXC vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-RVWP-7CCQ-MJ58 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-HWHG-7C6P-XFW2 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-999P-9MFM-FFQR vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...
Linux Distros Unpatched Vulnerability : CVE-2026-13866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to...