PT-2026-49010

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...

Adobe Substance3D Sampler 缓冲区错误漏洞

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Versions of Adobe Substance3D Sampler 6.0.0 and earlier contain a buffer error vulnerability. This vulnerability stems from an out-of-bounds write vulnerability, which could allow arbitrary code to be executed...

EulerOS Virtualization 2.10.0 : libpcap (EulerOS-SA-2026-2051)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string...

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

PSF-0000-CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

OESA-2026-1664 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

SUSE-SU-2026:0928-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255163. - CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in...

CVE-2026-2922 GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0617-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0617-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: -...

EUVD-2026-5450

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When simplewritetobuffer succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...

CVE-2025-59487 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine...

CVE-2025-58348

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confgtspec write operation, leading to kernel...

SUSE-SU-2026:0343-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. - CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex functi...

CVE-2025-69419

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVE-2026-24806 Buffer Write Security Vulnerability in liuyueyi/quick-media

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVE-2026-24806

CVE-2026-24806 arises from an improper generation of code in liuyueyi’s quick-media project, specifically the PNGImageEncoder path within the SVG Batik codec fix module. The vulnerability affects quick-media before v1.0 and is described as a Code Injection issue. Supported details from multiple s...

CVE-2026-24806 Buffer Write Security Vulnerability in liuyueyi/quick-media

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...