Lucene search

10804 matches found

CVE
added 2026/03/06 5:48 p.m., 6 views

CVE-2026-29091

CVE-2026-29091 concerns Locutus, a project that ports stdlibs to JavaScript. Red Hat and NVD descriptions detail an RCE in the call_user_func_array wrapper, where an insecure validation of the callback array before eval() allows arbitrary JavaScript execution in the runtime. The issue is specific...

CVSS 8.1 | AI score 6.3 | EPSS 0.00506
Exploits 1 | References 2 | Affected Software 1

OSV
added 2026/03/06 4:38 p.m., 2 views

CLSA-2026-1772815097 Fix of 72 CVEs

CVE-2025-38699 - scsi: bfa: Double-free fix
CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG
CVE-2025-39823 - KVM: x86: use array_index_nospec with indices that come from guest
CVE-2025-39689 - ftrace: Also allocate and copy hash for...

CVSS 7.8 | AI score 7.1 | EPSS 0.00452
Exploits 2 | References 1

Tenable Nessus
added 2026/03/06 12:0 a.m., 1 views

RHEL 10 : postgresql16 (RHSA-2026:3887)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3887 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that...

CVSS 8.8 | AI score 6.2 | EPSS 0.00059
Exploits 3 | References 9

Positive Technologies
added 2026/03/06 12:0 a.m., 5 views

PT-2026-23803

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.12
Description: WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a remote code execution (RCE) issue in its database query functionality. The application's validation...

CVSS 9.9 | AI score 6.7 | EPSS 0.07313
Exploits 68 | References 141

OSV
added 2026/03/05 12:18 a.m., 3 views

OSV-2026-356 Security exception in org.apache.lucene.util.ArrayUtil.copyOfSubArray

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489370855
Crash type: Security exception
Crash state:
org.apache.lucene.util.ArrayUtil.copyOfSubArray
org.apache.lucene.util.BytesRef.deepCopyOf
org.apache.lucene.index.Term...

AI score 5.8
Exploits 0 | References 1

Tenable Nessus
added 2026/03/05 12:0 a.m., 0 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005686 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev. Syzkaller reported the following...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits 0 | References 4

Tenable Nessus
added 2026/03/05 12:0 a.m., 0 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005801 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe. The size of array 'priv->ports' is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 4

Tenable Nessus
added 2026/03/04 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005569 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiex_cmd_802_11_scan_ext. Replace...

CVSS 5.5 | AI score 6.7 | EPSS 0.00018
Exploits 0 | References 3

IBM Security Bulletins
added 2026/03/03 9:57 p.m., 4 views

Security Bulletin: A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: A vulnerability in JavaScript qs package affects IBM® Db2® Big SQL 8.3 on IBM Cloud Pak for Data 5.3 and earlier.
Vulnerability Details: CVEID: CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The...

CVSS 6.3 | AI score 6 | EPSS 0.0004
Exploits 1 | Affected Software 1

Tenable Nessus
added 2026/03/03 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005455)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005455 advisory. In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access. The recent fix for array out-of-bounds accesse...

CVSS 7.8 | AI score 6.7 | EPSS 0.00022
Exploits 0 | References 4

Tenable Nessus
added 2026/03/03 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005708 advisory. An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset,...

CVSS 7.8 | AI score 6.8 | EPSS 0.00014
Exploits 1 | References 3

CNVD
added 2026/03/02 12:0 a.m., 1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13378)

OpenClaw is an open-source intelligent artificial assistant. A security vulnerability exists in OpenClaw that stems from the normalizeForHash function mishandling array sorting, which can be exploited by an attacker to compromise the integrity of a sandboxed configuration...

CVSS 4.8 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 1

Tenable Nessus
added 2026/03/02 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005543)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005543 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access. ASIHPI driver stores some values in the static array...

CVSS 7.8 | AI score 6.7 | EPSS 0.00025
Exploits 0 | References 3

Snyk
added 2026/02/28 2:4 a.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: @sveltejs/kit is a SvelteKit framework and CLI. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the deserialize_binary_form function in the remote form handler. An attacker can exhaust application resources by sending crafted bina...

CVSS 6.3 | AI score 6
Exploits 0 | References 2

Cvelist
added 2026/02/27 1:33 p.m., 17 views

CVE-2026-2751 Blind SQL Injection

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection. This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

CVSS 8.3 | EPSS 0.0006
Exploits 0 | References 1

OSV
added 2026/02/27 1:33 p.m., 1 views

CVE-2026-2751 Blind SQL Injection

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection. This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits 0 | References 4

OSV
added 2026/02/26 6:23 p.m., 0 views

CVE-2026-26932

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1

CVE
added 2026/02/26 4:59 p.m., 11 views

CVE-2026-26932

Packetbeat is affected by CVE-2026-26932 due to improper validation of an array index in the PostgreSQL protocol parser. The issue can cause a Go runtime panic, terminating the Packetbeat process and resulting in a Denial of Service. Attack requires the pgsql protocol to be explicitly enabled and...

CVSS 7.5 | AI score 5.6 | EPSS 0.00029
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/02/26 4:59 p.m., 16 views

CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVSS 5.7 | EPSS 0.00029
Exploits 0 | References 1

ATTACKERKB
added 2026/02/26 4:59 p.m., 2 views

CVE-2026-26932

Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

CVSS 7.5 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 2 | Affected Software 1