2275 matches found
CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58051
CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...
CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
MAL-2026-6544 Malicious code in chai-as-persisted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709 The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
EUVD-2026-39481
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle...
GHSA-8JGF-23Q5-X7XX ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass
Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...
CVE-2026-48800
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...
CVE-2026-48778
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
CVE-2026-47692
Envoy vulnerability CVE-2026-47692: PROXY Protocol v2 header generator can emit TLVs beyond the maximum 65535-byte length, causing a mismatch between bytes written and the length field and potentially smuggling bytes upstream. Affected versions: 1.34.0 through 1.35.13, 1.36.9, 1.37.5, and 1.38.3....
perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...
MAL-2026-6499 Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...
EUVD-2026-39571
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...
CVE-2026-6329
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...
DEBIAN-CVE-2026-6329
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
EUVD-2026-38382
MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length...
CVE-2026-6329
CVE-2026-6329 describes a vulnerability in PKCS#12 MAC verification in wolfSSL where the verification uses an attacker-controlled comparison length. The PKCS#12 verify path compares the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from atta...
CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...