CVE-2025-7018 Avira antivirus engine null pointer dereference when scanning a malformed PE file

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...

CVE-2025-7002 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 2)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68...

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow; GitHub repository for Vim/Vim before version 8.2...

Astra Linux - уязвимость в vim

Use After Free in the GitHub repository vim/vim before version 8.2...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...

EUVD-2026-30777

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

CVE-2026-21024

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVE-2026-8199 Post-auth memory exhaustion via bitwise match expressions

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

CVE-2026-8063 Post-auth null pointer dereference when aggregating against a view with empty search pipeline

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 8.2 and 8.2.7 contained code vulnerabilities...

JLSEC-2026-405

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

Astra Linux – Vulnerability in curl

There is an authentication bypass vulnerability in libcurl version 8.0.0, particularly in the FTP connection reuse feature. This vulnerability can cause incorrect credentials to be used during subsequent transfers. Previously created connections are retained in a connection pool for reuse if they...

SUSE CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users...

CVE-2026-33025

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...

CVE-2026-33933

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

CVE-2026-27811

CVE-2026-27811 affects the Roxy-WI web interface. Prior to version 8.2.6.3, a command injection exists in the /config/compare///show endpoint. The root cause is in app/modules/config/config.py on line 362, where user input is directly formatted into a template string that is eventually executed, ...