CVE-2026-2653
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the...
CVE-2026-2653 admesh normals.c stl_check_normal_vector heap-based overflow
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the...
CLSA-2026-1771409779 Fix CVE(s): CVE-2025-68618, CVE-2025-69204
SECURITY UPDATE: Malicious SVG file resulted in a DoS attack - debian/patches/CVE-2025-68618.patch: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-68618 SECURITY UPDATE: WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow a...
InvoicePlane Cross-Site Scripting Vulnerability
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability stems from the login logo...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via system.run. An attacker can bypass allowlist enforcement and approval prompts by supplying an allowlisted rawCommand while providing a different command argume...
CVE-2025-59903
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2025-59903
CVE-2025-59903 documents a Stored XSS in Kubysoft due to SVG uploads not being sanitized. The payloads can be embedded as visual content in SVG files, which are stored server-side and executed in the context of any user who views the compromised resource. The NVD/CVE records confirm the vulnerabi...
CVE-2025-59903 Stored Cross-Site Scripting (XSS) in Kubysoft
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the SAMLRequest DEFLATE decompression. An...
Kubysoft Cross-Site Scripting Vulnerability
Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability, which stems from improper handling of uploaded SVG images. This vulnerability could allow attackers to inject malicious scripts, enabling them to execute them ...
PT-2026-8326
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the context of any user accessing the compromis...
CVE-2026-23166 ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues. Add NULL pointer checks in ice_vsi_set_napi_queues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...
EUVD-2026-5872
In the Linux kernel, the following vulnerability has been resolved: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues. Add NULL pointer checks in ice_vsi_set_napi_queues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adaptor: 60:00.0 Ethernet controller 020...
CVE-2026-23114
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems. When SVE is supported but SME is not supported, a ptrace write to the NT_ARM_SVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...