CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-6104

CVE-2026-6104 affects PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6. When an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, code assumes that strncasecmp() returning 0 guarantees equal length, enabling an out-of-bounds read of glob...

OESA-2026-2209 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

Open5GS 缓冲区错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the Ogssbiclientsendviascporsepp function in the library...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016808)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016808 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read...

ROS-20260508-73-0015

A vulnerability in the ngxhttpmp4module module of the NGINX Plus and NGINX Open Source HTTP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...

JLSEC-2026-478

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

CLSA-2026-1778142227 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

CLSA-2026-1778129870 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer...

CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init reconstructs strings from a prefix-compressed...

CLSA-2026-1778111838 httpd: Fix of 9 CVEs

CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...

BIT-JAVA-MIN-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

BIT-JAVA-MIN-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multipl...

CLSA-2026-1777476716 vim: Fix of 8 CVEs

CVE-2021-4019: replace the unbounded STRCPY pair in findhelptags with vimsnprintf bounded by IOSIZE to prevent heap buffer overflow with long :help arguments starting with "%z@". - CVE-2021-4192: re-fetch regline/reginput via reggetline after getvvcol in regmatchvisual so the cached line pointer...

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

...

SUSE CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

PT-2026-37839

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux parse trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

PT-2026-37819

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst wavparse smpl chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer...

PT-2026-37530

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the TCP option parser within the net/netfilter/xt tcpmss.c file. The issue occurs when the code reads opi+1 without validating the remaining option length...