693 matches found
CVE-2026-57245
When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...
EUVD-2026-42187
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...
CVE-2026-57245
Foxit PDF Editor/Reader contains a use-after-free vulnerability in the handling of hyperlink annotations when opening and traversing annotation elements. The issue can lead to an invalid state and an invalid pointer write during destruction, causing a crash. CVSSv3.1 base score 7.8 ( HIGH ) with ...
EUVD-2026-42207
When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...
CVE-2026-57245
When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...
CVE-2026-57248
When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...
CVE-2026-57252
When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...
PT-2026-56351
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description A use-after-free issue occurs when the application opens a PDF file. During the process where JavaScript deletes pages and removes attachment annotations, the attachment panel...
PT-2026-56347
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...
CVE-2026-53492
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
OPENSUSE-SU-2026:21201-1 Security update for jackson-annotations, jackson-core, jackson-databind
This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...
SUSE-SU-2026:22504-1 Security update for jackson-annotations, jackson-core, jackson-databind
This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...
Important: containerd
Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...
CVE-2026-13434
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...
GO-2026-5638 Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations in github.com/kata-containers/kata-containers...
USN-8472-1 containerd-app vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
USN-8472-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
USN-8473-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
Unsafe Dependency Resolution
Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...
CVE-2026-57281
A flaw was found in the Jenkins Script Security Plugin. Attackers with the ability to run sandboxed Groovy scripts can exploit this vulnerability to execute arbitrary code outside the sandbox environment. This is due to the plugin's failure to reject Groovy Abstract Syntax Tree AST transformation...