php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
A flaw was found in PHP. When attacker input can influence the encoding passed to mb_regex_encoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...
CVE-2026-49942
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...
CVE-2026-49941
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to be single IP addresses and passed back to itself as a 32-bit or 128-bit...
CVE-2026-49940
Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...
CVE-2026-40930
LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...
CVE-2026-7774
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
GHSA-WV26-88M5-6H59 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42876 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-FQ7H-9X26-6J22 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-42875 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-W2Q5-6Q6X-X959 vulnerabilities
Vulnerabilities for packages: kube-state-metrics, minio-operator, opentofu, azcopy, kube-rbac-proxy, trust-manager, velero, container-object-storage-interface, yunikorn-k8shim, terraform-provider-google, syft, boring-registry, ipfs-cluster, policy-controller, rancher-agent, knative-client, trivy,...
CVE-2026-39821 vulnerabilities
Vulnerabilities for packages: kube-state-metrics, minio-operator, opentofu, azcopy, kube-rbac-proxy, trust-manager, velero, container-object-storage-interface, yunikorn-k8shim, terraform-provider-google, syft, boring-registry, ipfs-cluster, policy-controller, rancher-agent, knative-client, trivy,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: kube-state-metrics, grafana-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, opentofu, crossplane-provider-aws-sqs, cluster-proportional-autoscaler, aws-efs-csi-driver, container-object-storage-interface, kots,...
GHSA-6M68-W836-P72W vulnerabilities
Vulnerabilities for packages: binutils...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: kube-state-metrics, grafana-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, opentofu, crossplane-provider-aws-sqs, cluster-proportional-autoscaler, aws-efs-csi-driver, container-object-storage-interface, kots,...
CVE-2026-6846 vulnerabilities
Vulnerabilities for packages: binutils...
GHSA-C64W-HPM6-XX8W vulnerabilities
Vulnerabilities for packages: binutils...
CVE-2025-69650 vulnerabilities
Vulnerabilities for packages: binutils...
GHSA-63QM-V5PW-47H7 vulnerabilities
Vulnerabilities for packages: binutils...
CVE-2025-69649 vulnerabilities
Vulnerabilities for packages: binutils...