CVE-2018-25271

Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools Run to trigger a buffer overflow...

CVE-2018-25268 LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or...

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

CVE-2026-31458

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr before accessing contextsarr0 Multiple sysfs command paths dereference contextsarr0 without first verifying that kdamond-contexts-nr == 1. A user can set nrcontexts to 0 via sysfs while DAMON is...

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

PT-2026-34482

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from utf8 lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm,...

openSUSE 16 Security Update : clamav (openSUSE-SU-2026:20479-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20479-1 advisory. Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial...

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

CVE-2026-40279

BACnet Stack (open-source C library for embedded systems) contains a defect in decode_signed32() in src/bacnet/bacint.c where reconstructing a 32-bit signed integer from four APDU bytes via signed left shifts can overflow signed int32_t when any byte has bit 7 set (>= 0x80). This undefined beh...

CVE-2026-40279

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

CVE-2026-40279 BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decodesigned32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

BACnet Stack 安全漏洞

BACnet Stack is an open-source protocol stack for BACnet that is suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a security vulnerability. This vulnerability arises from the decodesigned32 function in src/bacnet/bacint.c, which uses...

PT-2026-34009

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode signed32 in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set value ≥ 0x80, the left-shift...

PT-2026-33988

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The sock recvfrom into method of asyncio.ProacterEventLoop on Windows lacks a boundary check for the data buffer when the nbytes parameter is used. This can lead to an out-of-bounds buffer wri...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012984)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012984 advisory. In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC The referenced commit...

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

OPENSUSE-SU-2026:20479-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

GHSA-8GGF-R3VM-P3JC AgentScope vulnerable to Server-Side Request Forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...