78 matches found

ATTACKERKB
added 2026/05/16 11:21 p.m. | 8 views

CVE-2026-8723

Summary: qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options (skipNulls, strictNullHandling). Details: In the comma + encodeValuesOnly...

CVSS 6.3 | AI score 5.9 | EPSS 0.00044
Exploits: 0 | References: 3 | Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tracing: It was determined that process_string also allows arrays. To address a common bug where TRACE_EVENT's TP_fast_assign assigns the address of an allocated string to the ring buffer and then references it in TP_printk, which can...

CVSS 5.5 | AI score 6.1 | EPSS 0.00027
Exploits: 0 | References: 2
CNNVD
added 2026/05/01 12:00 a.m. | 4 views

Mix PHP SQL injection vulnerability

Mix PHP is an open-source PHP command-line-mode development framework that supports seamless switching across multiple server ecosystems. A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the on array parameter of the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Cvelist
added 2026/04/28 6:09 p.m. | 28 views

CVE-2026-41388 OpenClaw < 2026.3.31 - Configuration Rehydration via Empty-Array Revocation Handling

OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls...

CVSS 6.5 | EPSS 0.00041
Exploits: 0 | References: 3
Talos
added 2026/03/31 12:00 a.m. | 3 views

Foxit Reader List Box Calculate Array Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2026-2365: Foxit Reader List Box Calculate Array Use-After-Free Vulnerability. March 31, 2026. CVE Number: CVE-2026-3779. Summary: A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...

CVSS 7.8 | AI score 6.3 | EPSS 0.00023
Exploits: 1
Tenable Nessus
added 2026/01/14 12:00 a.m. | 5 views

MiracleLinux 3 : php-5.1.6-27.5.0.2.AXS3 (AXSA:2012-178:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-178:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

CVSS 7.5 | AI score 8.5 | EPSS 0.25931
Exploits: 16 | References: 2
Tenable Nessus
added 2026/01/13 12:00 a.m. | 2 views

MiracleLinux 8 : java-17-openjdk-17.0.14.0.7-3.el8 (AXSA:2025-9605:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9605:04 advisory. JDK: Enhance array handling (CVE-2025-21502). Bug Fixes: The Asianux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a...

CVSS 4.8 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 2
EUVD
added 2025/11/13 6:31 p.m. | 2 views

EUVD-2025-175315

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is...

CVSS 5.3 | AI score 5 | EPSS 0.00016
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-18599

Malicious code in bioql PyPI...

AI score 7.5 | EPSS 0.00049
Exploits: 0 | References: 3
Tenable Nessus
added 2025/09/03 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibl...

CVSS 9.8 | AI score 8.3 | EPSS 0.00369
Exploits: 1 | References: 2
RedHat Linux
added 2025/07/08 12:44 p.m. | 4 views

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

CVSS 6.5 | AI score 7.2 | EPSS 0.00262
Exploits: 1 | References: 7
NVD
added 2025/06/18 10:15 a.m. | 5 views

CVE-2025-38054

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions. The debugfs summary output could access uninitialized elements in the freq_in and signal_out arrays, causing NULL pointer dereferences and triggering a kernel Oops...

CVSS 5.5 | EPSS 0.00049
Exploits: 0 | References: 3
OSV
added 2025/06/18 9:33 a.m. | 2 views

CVE-2025-38054 ptp: ocp: Limit signal/freq counts in summary output functions

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions. The debugfs summary output could access uninitialized elements in the freq_in and signal_out arrays, causing NULL pointer dereferences and triggering a kernel Oops...

CVSS 5.5 | AI score 6.5 | EPSS 0.00049
Exploits: 0 | References: 6
CVE
added 2025/06/18 9:33 a.m. | 38 views

CVE-2025-38054

The CVE-2025-38054 issue affects the Linux kernel PTP clock framework (ocp) in debugfs summary output. It could dereference NULL or access out-of-bounds elements in freq_in[] and signal_out[] due to uninitialized elements. The fix adds per-array counters (nr_freq_in, nr_signal_out) with a maximum...

CVSS 5.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/05/16 12:00 a.m. | 1 views

PT-2025-25828

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue was related to the debugfs summary output accessing uninitialized elements in the freq_in and signal_out arrays, causing...

CVSS 7.8 | AI score 7.8 | EPSS 0.00307
Exploits: 8 | References: 577
OSV
added 2025/05/07 7:11 p.m. | 3 views

RLSA-2025:0422 Moderate: java-17-openjdk security update for Rocky Linux 8.6, 8.8, 8.10, 9.4 and 9.5

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Enhance array handling (CVE-2025-21502). Bug Fixes: The Rocky Enterprise Software Foundation OpenJDK packages rely on the copy-jdk-configs package to...

CVSS 4.8 | AI score 6.9 | EPSS 0.002
Exploits: 0 | References: 1
OSV
added 2025/03/18 5:32 p.m. | 2 views

CLSA-2025-1742319123 java-11-openjdk: Fix of 11 CVEs

Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol length can lead to infinite loop - CVE-2024-21140: Range Check Elimination (RCE) pre-loop limit overflow - CVE-2024-21144: Pack200 increase loading time due...

CVSS 7.4 | AI score 6.7 | EPSS 0.00977
Exploits: 0 | References: 1
RedHat Linux
added 2025/03/11 12:12 a.m. | 6 views

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

CVSS 4.8 | AI score 7.4 | EPSS 0.002
Exploits: 0 | References: 5
OSV
added 2025/02/03 3:14 p.m. | 4 views

SUSE-SU-2025:0339-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.14+7 (January 2025 CPU). Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278). Other changes: - JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color -...

CVSS 4.8 | AI score 6 | EPSS 0.002
Exploits: 0 | References: 3
OpenVAS
added 2025/01/27 12:00 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2025:0235-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.8 | AI score 7 | EPSS 0.002
Exploits: 0 | References: 4