
3368 matches found

CNNVD
added 2026/04/26 12:0 a.m., 5 views

EZB Systems Easyboot security vulnerability

EZB Systems Easyboot is a tool developed by EZB Systems that simplifies the process of creating boot discs for Linux systems and installing operating systems. Version 6.6.0 of EZB Systems Easyboot contains a security vulnerability. This vulnerability stems from a buffer overflow in the Replace Te...

CVSS 6.9, AI score 6.1, EPSS 0.00006
Exploits: 0, References: 1
Positive Technologies
added 2026/04/26 12:0 a.m., 1 view

PT-2026-35261

Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options Settings...

CVSS 6.9, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 4
CNNVD
added 2026/04/26 12:0 a.m., 5 views

HD Tune Pro security vulnerability

HD Tune Pro is a disk analysis tool developed by HD Tune Inc., used to test hard drive performance, health status, and detect errors. Version 5.70 of HD Tune Pro contains a security vulnerability. This vulnerability stems from a buffer overflow issue when submitting excessively long strings throu...

CVSS 6.9, AI score 6.1, EPSS 0.00006
Exploits: 0, References: 1
Positive Technologies
added 2026/04/26 12:0 a.m., 3 views

PT-2026-35266

P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an...

CVSS 6.8, AI score 5.7, EPSS 0.00018
Exploits: 0, References: 4
Positive Technologies
added 2026/04/26 12:0 a.m., 3 views

PT-2026-35247

PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denia...

CVSS 6.9, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 4
Positive Technologies
added 2026/04/26 12:0 a.m., 4 views

PT-2026-35246

RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an...

CVSS 6.8, AI score 5.5, EPSS 0.00018
Exploits: 0, References: 4
CNNVD
added 2026/04/26 12:0 a.m., 8 views

Wansview security vulnerability

Wansview is a series of video monitoring cameras designed for home and small-scale scenarios by Wansview Company. https://www.wansview.com/. Version 1.0.2 of Wansview contains a security vulnerability; this vulnerability arises from attackers being able to cause the application to crash by...

CVSS 6.9, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1
CNNVD
added 2026/04/26 12:0 a.m., 7 views

HD Tune Easy PhotoResQ security vulnerability

HD Tune Easy PhotoResQ is an image recovery tool developed by HD Tune Corporation, designed for restoring photos that have been accidentally deleted or damaged. Version 1.0 of HD Tune Easy PhotoResQ contains a security vulnerability. This vulnerability stems from the use of an excessively long...

CVSS 6.9, AI score 6.2, EPSS 0.00017
Exploits: 0, References: 1
OSV
added 2026/04/25 5:50 a.m., 2 views

OESA-2026-2090 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of...

CVSS 5.1, AI score 5.2, EPSS 0.00019
Exploits: 1, References: 2
SUSE CVE
added 2026/04/25 1:39 a.m., 2 views

SUSE CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

CVSS 5.5, AI score 5.4, EPSS 0.00015
Exploits: 0, References: 3
SUSE CVE
added 2026/04/25 1:36 a.m., 3 views

SUSE CVE-2026-31660

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already hand a complete frame to pn533_recv_frame befo...

CVSS 5.5, AI score 5.5, EPSS 0.00015
Exploits: 0, References: 3
SUSE CVE
added 2026/04/25 1:36 a.m., 3 views

SUSE CVE-2026-31664

In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire build_expire clears the trailing padding bytes of struct xfrm_user_expire after setting the hard field via memset_after, but the analogous function build_polexpire does not do this for...

CVSS 5.5, AI score 5.4, EPSS 0.00014
Exploits: 0, References: 3
RedhatCVE
added 2026/04/24 10:46 p.m., 2 views

CVE-2026-31671

A flaw was found in the Linux kernel's xfrm_user component. This vulnerability allows a local attacker to disclose sensitive information. The xfrm_user_report structure contains uninitialized padding bytes that are copied to userspace, leading to an information leak...

CVSS 5.5, AI score 5.1, EPSS 0.00014
Exploits: 0, References: 4
RedhatCVE
added 2026/04/24 10:30 p.m., 3 views

CVE-2026-31664

A flaw was found in the Linux kernel's xfrm subsystem. This vulnerability arises because the build_polexpire function does not clear trailing padding bytes within the xfrm_user_polexpire structure. Consequently, these uninitialized padding bytes, which contain kernel heap memory contents, are sent t...

CVSS 5.5, AI score 5.2, EPSS 0.00014
Exploits: 0, References: 4
RedhatCVE
added 2026/04/24 8:45 p.m., 2 views

CVE-2026-31626

A flaw was found in the Linux kernel's rtl8723bs Wi-Fi driver. This vulnerability occurs within the rtw_BIP_verify function, where a variable is not fully initialized, leaving two bytes with unpredictable values. This uninitialized data can lead to unpredictable system behavior, potentially resulti...

CVSS 7.1, AI score 5.3, EPSS 0.0006
Exploits: 0, References: 4
Snyk
added 2026/04/24 7:21 p.m., 4 views

Improper Encoding or Escaping of Output

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query...

CVSS 6.3, AI score 5.5, EPSS 0.00083
Exploits: 1, References: 2
Vulnrichment
added 2026/04/24 6:21 p.m., 1 view

CVE-2026-33666 Zserio: Integer Overflow in BitStreamReader on 32-bit platforms

Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes 512 MB fr...

CVSS 7.5, AI score 5.7, EPSS 0.00082
Exploits: 1, References: 1
Cvelist
added 2026/04/24 5:40 p.m., 28 views

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...

CVSS 3.7, EPSS 0.00083
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/24 5:40 p.m., 4 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...

CVSS 3.7, AI score 5.3, EPSS 0.00083
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/04/24 5:40 p.m., 15 views

CVE-2026-42040

CVE-2026-42040 concerns Axios, a promise-based HTTP client for browser and Node.js. The vulnerability lies in the encode() function inside lib/helpers/AxiosURLSearchParams.js, where a character map (charMap) erroneously reverses safe percent-encoding of null bytes. Specifically, after encodeURICo...

CVSS 3.7, AI score 5.3, EPSS 0.00083
Exploits: 1, References: 1, Affected Software: 1