CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

CVE-2026-43897 Link Preview JS: vunerable to IPv6 and internal loopback attacks

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-45179

CVE-2026-45179 affects Plack::Middleware::Statsd for Perl, with versions before 0.9.0 potentially leaking user IP addresses if the statsd channel is not secured (e.g., UDP to a different network). Since 0.9.0, IPs are no longer logged unless configured; when configured, an HMAC signature of the I...

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

EUVD-2025-209582

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

UBUNTU-CVE-2026-1516

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab 18.8.9,...

EUVD-2025-208323

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2025-70616

Vulnerability: CVE-2025-70616 affects the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0). The IOCTL handler 0x80102058 copies user-supplied Options into a 40-byte stack buffer (Src[40]) without proper bounds checking, via memmove, enabling a stack-based buffer overflow. An attacker w...

CVE-2025-67476 Importing leaks IP address of importer via EventStreams

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from before 1.44.3, 1.45.1...

CVE-2025-67476

CVE-2025-67476 affects Wikimedia Foundation MediaWiki, with the flaw located in includes/Import/ImportableOldRevisionImporter.Php. Affects MediaWiki versions before 1.44.3 and before 1.45.1. The Red Hat advisory describes a remote-facing issue where a low-privilege attacker could disclose sensiti...

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

CVE-2026-22778

Summary of CVE-2026-22778 : A vulnerability in vLLM (0.8.3–0.14.0) lets an attacker send an invalid image to the multimodal endpoint, causing PIL to leak a heap address. This information disclosure can be chained with a heap overflow in the JPEG2000 decoder used by OpenCV/FFmpeg to achieve remote...

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

PT-2026-5710

Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.3 through 0.14.0 Description vLLM is an inference and serving engine for large language models. A chain of issues allows for remote code execution when the service is configured to serve a video model. First, sending an inval...

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...