565 matches found
kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting
A flaw was found in the Linux kernel's device mapper dm component. When setting up zone append emulation resources, a race condition can occur if the blkrevalidatediskzones function fails while another process simultaneously calls dmblkreportzones. This timing issue can lead to a use-after-free...
ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...
NewStart CGSL MAIN 6.06 (SP) : ncurses Multiple Vulnerabilities (NS-SA-2026-0020)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005728 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'fileappend' nulled...
CVE-2026-3463
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005423)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005423 advisory. In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'fileappend' nulled...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the xlnt::detail::binarywriter::append function in the Compound Document Parser process. An attacker can cause a heap-based buffer overflow by providing specially crafted input to this function during loca...
CVE-2026-3463
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...
CVE-2026-3463
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...
CVE-2026-3463
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...
xlnt 安全漏洞
xlnt is an open-source C++ language library developed by the xlnt-community. Versions of xlnt 1.6.1 and earlier contain security vulnerabilities. These vulnerabilities stem from a buffer overflow vulnerability in the function xlnt::detail::binarywriter::append located in the...
PT-2026-22730
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...