182 matches found
CVE-2026-57246
When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...
CVE-2026-57246 Foxit PDF Editor/Reader Signature Buffer Overflow Vulnerability
When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...
EUVD-2026-42206
When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...
CVE-2026-57246
When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...
GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation
Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...
CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: A memory leak has been fixed in xevmmadviseioctl. When the validation of checkboargsaresane fails, the code jumps to the new freevmas cleanup label to properly release the allocated resources. This ensures proper cleanup ...
EUVD-2026-29501
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...
EUVD-2026-28595
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011365)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011365 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013212)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013212 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg...
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
CVE-2026-20040
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...
CVE-2026-3479
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...
PSF-2026-13
DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...
Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerabilit...
CVE-2026-20040
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2026-20040 Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...