7061 matches found

Cvelist
added 2026/04/21 9:33 p.m. | 24 views

CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVSS 4.8 | EPSS 0.00113
Exploits: 0 | References: 5
Snyk
added 2026/04/21 8:50 p.m. | 2 views

Incorrect Behavior Order: Early Validation

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Early Validation via incomplete validation of paths in the process. An attacker can gain unauthorized access to internal system directories and potentially read or modify sensitive data by supplying specially...

CVSS 5.4 | AI score 5.4 | EPSS 0.0022
Exploits: 0 | References: 2
Snyk
added 2026/04/21 8:50 p.m. | 2 views

Incorrect Behavior Order: Early Validation

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Early Validation via incomplete validation of paths in the process. An attacker can gain unauthorized access to internal system directories and potentially read or modify sensitive data by supplying specially...

CVSS 5.4 | AI score 5.4 | EPSS 0.0022
Exploits: 0 | References: 2
EUVD
added 2026/04/21 5:41 p.m. | 2 views

EUVD-2026-24213

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

CVSS 8.2 | AI score 5.7 | EPSS 0.00105
Exploits: 0 | References: 1
NVD
added 2026/04/21 5:16 p.m. | 4 views

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift...

CVSS 3.7 | EPSS 0.00242
Exploits: 1 | References: 1
Cvelist
added 2026/04/21 4:29 p.m. | 30 views

CVE-2026-40279 BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift...

CVSS 3.7 | EPSS 0.00242
Exploits: 1 | References: 1
EUVD
added 2026/04/21 4:29 p.m. | 8 views

EUVD-2026-24166

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift...

CVSS 3.7 | AI score 5.8 | EPSS 0.00242
Exploits: 1 | References: 1
CVE
added 2026/04/21 4:29 p.m. | 9 views

CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...

CVSS 3.7 | AI score 5.8 | EPSS 0.00242
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/21 4:29 p.m. | 4 views

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift...

CVSS 3.7 | AI score 5.8 | EPSS 0.00242
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/21 4:29 p.m. | 4 views

CVE-2026-40279 BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift...

CVSS 3.7 | AI score 5.8 | EPSS 0.00242
Exploits: 1 | References: 1
Packet Storm News
added 2026/04/21 12:00 a.m. | 2 views

Evaluating LLM-Generated Obfuscated XSS Payloads for Machine Learning-Based Detection

Cross-site scripting (XSS) remains a persistent web security vulnerability, especially because obfuscation can change the surface form of a malicious payload while preserving its behavior. These transformations make it difficult for traditional and machine learning-based detection systems to reliab...

AI score 5.9
Exploits: 0
Positive Technologies
added 2026/04/21 12:00 a.m. | 9 views

PT-2026-46970

Name of the Vulnerable Software and Affected Versions: 7-Zip versions 9.21 through 26.00. Description: An uninitialized memory disclosure exists in the UEFI capsule .scap parser. The OpenCapsule function allocates a heap buffer based on an attacker-declared CapsuleImageSize up to 1 GiB without...

CVSS 7.8 | AI score 5.6 | EPSS 0.00398
Exploits: 1 | References: 9
CNNVD
added 2026/04/21 12:00 a.m. | 4 views

BACnet Stack Security Vulnerability

BACnet Stack is an open-source protocol stack for BACnet that is suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a security vulnerability. This vulnerability arises from the decode_signed32 function in src/bacnet/bacint.c, which uses...

CVSS 3.7 | AI score 5.8 | EPSS 0.00242
Exploits: 1 | References: 1
Tenable Nessus
added 2026/04/21 12:00 a.m. | 5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011238 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit...

CVSS 5.5 | AI score 6.2 | EPSS 0.00147
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013214 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is...

CVSS 5.5 | AI score 5.9 | EPSS 0.00132
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011155)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011155 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type. spi_nor_set_erase_type was used either to...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/21 12:00 a.m. | 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013212 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg. We tested and found an alarm caused by nbd_ioctl arg...

CVSS 5.5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 4
EUVD
added 2026/04/20 6:31 p.m. | 2 views

EUVD-2026-23866

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

CVSS 4.6 | AI score 5.7 | EPSS 0.00144
Exploits: 0 | References: 3
RedHat Linux
added 2026/04/20 1:28 a.m. | 3 views

firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

CVSS 8.1 | AI score 7.2 | EPSS 0.00299
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/20 1:28 a.m. | 5 views

firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00418
Exploits: 0 | References: 6