UBUNTU-CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the refe...

Linux Distros Unpatched Vulnerability : CVE-2026-56209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

CVE-2026-56209

CVE-2026-56209 concerns libaom’s SVC layer: a missing bounds check in the SVC layer ID control function lets an attacker inject an arbitrary pointer into the cyclic refresh map when processing frames, enabling an encoder to write about 1,200 bytes to attacker-controlled memory. This vulnerability...

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

CVE-2025-0028

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability...

CVE-2025-0028

The AMD PMF (Platform Management Framework) vulnerability CVE-2025-0028 stems from an unchecked return value in the PMF that could enable a local attacker to read or modify an arbitrary address, risking confidentiality, integrity, and availability. The issue is tied to the AMD chipset driver/PMF ...

ROS-20260506-73-0022

Vulnerability in tomcat10 related to url redirection to untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary url address...

CVE-2026-25883

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

NovumOS 安全漏洞

NovumOS is an 32-bit protected mode operating system developed by MinecAnton209. Versions of NovumOS prior to 0.24 contained security vulnerabilities. These vulnerabilities stemmed from system call 15, which allowed Ring 3 user-mode processes to map arbitrary virtual address ranges into their own...

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application...

Linux Distros Unpatched Vulnerability : CVE-2025-2509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process,...

EUVD-2026-8860

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

CVE-2026-0106

In vpummap of vpuioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-6005

Name of the Vulnerable Software and Affected Versions Android VPU driver versions prior to the February 2026 security patch Description The issue resides within the vpu ioctl function, specifically in the vpu mmap component. A missing bounds check allows for a potential arbitrary address mapping...