
73 matches found

Vulnrichment
added 2026/05/28 4:27 p.m., 3 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

AI score: 5.8, EPSS: 0.00054
Exploits: 0, References: 1
OSV
added 2026/04/24 4:2 p.m., 2 views

CLSA-2026-1777046565 ImageMagick: Fix of 5 CVEs

CVE-2026-33900: fix integer truncation in viff encoder leading to heap out-of-bounds write on 32-bit builds - CVE-2026-33905: fix out-of-bounds read in -sample operation via sample:offset define - CVE-2026-34238: fix integer overflow in despeckle operation causing heap buffer overflow on 32-bit...

CVSS: 7.5, AI score: 6, EPSS: 0.0002
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/08 12:0 a.m., 0 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006609)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006609 advisory. In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional...

CVSS: 7.8, AI score: 6, EPSS: 0.0002
Exploits: 0, References: 5
Cvelist
added 2026/03/24 5:48 a.m., 25 views

CVE-2026-33851 Improper Restriction of Operations within the Bounds of a Memory Buffer in joncampbell123 doslib

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue affects doslib: before doslib-20250729...

CVSS: 7.8, EPSS: 0.00018
Exploits: 0, References: 1
OSV
added 2026/03/17 10:41 a.m., 2 views

OPENSUSE-SU-2026:20368-1 Security update for ocaml

This update for ocaml fixes the following issues: - CVE-2026-28364: missing bounds validation in readblock can lead to arbitrary code execution (bsc#1258992)...

CVSS: 7.9, AI score: 6.4, EPSS: 0.00051
Exploits: 0, References: 2
SUSE Linux
added 2026/03/13 1:48 p.m., 3 views

Security update for libsoup

This update for libsoup fixes the following issue: CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...

CVSS: 8.3, AI score: 5.7, EPSS: 0.00071
Exploits: 0, References: 4
NVD
added 2026/01/27 9:15 a.m., 5 views

CVE-2026-24798

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...

CVSS: 9.3, EPSS: 0.00082
Exploits: 0, References: 1
Vulnrichment
added 2026/01/27 8:27 a.m., 3 views

CVE-2026-24798 An Uninitialized stack variable vulnerability in GaijinEntertainment/DagorEngine

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine prog/3rdPartyLibs/miniupnpc modules. This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor20250115...

CVSS: 9.3, AI score: 5.9, EPSS: 0.00082
Exploits: 0, References: 1
Cvelist
added 2026/01/27 8:21 a.m., 29 views

CVE-2026-24794 Chunk Unloading Security Vulnerability in CardboardPowered/cardboard

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVSS: 9.2, EPSS: 0.00082
Exploits: 0, References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-28330

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the nfnetlink osf module related to the validation of option lengths in network packet fingerprints. Specifically, the nfnl osf add callback...

AI score: 6, EPSS: 0.00022
Exploits: 0, References: 10
Tenable Nessus
added 2025/12/31 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992928)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992928 advisory. In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS bits_per() rounds up to the next...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00009
Exploits: 0, References: 4
NVD
added 2025/12/09 1:16 a.m., 2 views

CVE-2022-50656

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfc_target before being used Fix a slab-out-of-bounds read that occurs in nla_put called from nfc_genl_send_target when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_targe...

EPSS: 0.00061
Exploits: 0, References: 9
CVE
added 2025/11/06 6:2 a.m., 6 views

CVE-2025-9338

The connected PT-Security advisory for PT-2025-45177 confirms a vulnerability in AsIO3.sys involving improper restriction of operations within a memory buffer, enabling local privilege escalation if a specially crafted process is executed. It identifies AsIO3.sys as the affected driver and notes ...

CVSS: 7.3, AI score: 6.3, EPSS: 0.00022
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1621

Malware in sbrugna...

CVSS: 9.8, AI score: 9, EPSS: 0.00382
Exploits: 0, References: 5
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987387 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00058
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-51780

Malicious code in bioql PyPI...

CVSS: 7.1, AI score: 7.8, EPSS: 0.00015
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-11819

Malicious code in bioql PyPI...

CVSS: 5.5, AI score: 7.3, EPSS: 0.00034
Exploits: 0, References: 9
Tenable Nessus
added 2025/09/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cacheinfo: Fix shared_cpu_map to handle shared caches at different levels The cacheinfo sets up the shared_cpu_map by checking whether the caches with the same inde...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00019
Exploits: 0, References: 4
Cvelist
added 2025/09/11 4:56 p.m., 6 views

CVE-2025-39788 scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots nutrs is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0. This is because the...

EPSS: 0.00023
Exploits: 0, References: 7
Tenable Nessus
added 2025/08/27 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-28699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this...

CVSS: 5.5, AI score: 6, EPSS: 0.00074
Exploits: 0, References: 2