CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

[SECURITY] [DSA 6240-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6240-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq -...

RLSA-2026:12265 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff packages contain a library of functions for manipulating Tagged...

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...

UBUNTU-CVE-2026-42779

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584

The CVE describes an Arbitrary Code Execution in LabOne Q caused by unsafe deserialization: its serialization framework uses a class-loading mechanism (import_cls) that accepted fully-qualified class names without validating targets or restricting modules. An attacker can craft a malicious serial...

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

EUVD-2026-26483

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-37552

CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...

PT-2026-36307

Name of the Vulnerable Software and Affected Versions OpenStack ironic-python-agent versions 1.0.0 through 11.5.0 Description Ironic Python Agent IPA may execute the grub-install function from within a chroot of the deployed partition image. This behavior can lead to arbitrary code execution if a...

PT-2026-36851

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description vm2 is an open source vm/sandbox for Node.js. The use of SuppressedError allows attackers to escape the sandbox and execute arbitrary code. Recommendations Update to version 3.11.0...

PT-2026-36852

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...

Zurich Instruments LabOne Q 代码问题漏洞

Zurich Instruments LabOne Q is a software platform for experimental control and automation in quantum computing, developed by the Swiss company Zurich Instruments. There are code vulnerabilities in Zurich Instruments LabOne Q; these vulnerabilities stem from the importcls mechanism in the...

hashcat 缓冲区错误漏洞

Hashcat is a high-performance password recovery and cracking tool developed by Hashcat developers. Version 7.1.2 of Hashcat contains a buffer overflow vulnerability. This vulnerability stems from a heap-based buffer overflow in the Kerberos hash resolver. The reason for this vulnerability is that...

open-amp 输入验证错误漏洞

open-amp is an OpenAMP open source framework that supports communication and lifecycle management between heterogeneous multi-core processors. An input validation error vulnerability exists in open-amp version v2025.10.0, which stems from an integer overflow in the ELF loader during firmware imag...

Open-Vehicle-Monitoring-System-3 安全漏洞

Open-Vehicle-Monitoring-System-3 is an open source vehicle remote monitoring and diagnostic control system from Open Vehicles. A security vulnerability exists in Open-Vehicle-Monitoring-System-3 version 3.3.005, which stems from a failure to properly validate the phdr.len field in...