17029 matches found
CVE-2026-59860
Kiota is an OpenAPI-based HTTP client code generator. Prior to 1.32.3, it is affected by a code-generation injection in the C# XML documentation-comment sink when OpenAPI descriptions are written into single-line /// comments without stripping newline/Unicode terminators, allowing injection into ...
UBUNTU-CVE-2026-38753
A use-after-free in the awksub function editors/awk.c of Busybox...
CVE-2026-38752
A stack overflow in the evaluate function editors/awk.c of BusyBox commit 371fe9 allows attackers to cause a Denial of Service DoS via supplying a crafted AWK script...
PT-2026-60313
Name of the Vulnerable Software and Affected Versions Busybox version 1.38.0 Description A heap overflow occurs in the ifsbreakup function located in shell/ash.c. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted input. A heap overflow is a memory...
CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-40469 Heap buffer overflow in gawk
Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44
Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...
CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...
[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
UBUNTU-CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
CVE-2026-59858
Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...
CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width
A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...
Moderate: Red Hat Security Advisory: compat-glibc security update
An update for compat-glibc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
CVE-2026-33630
A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...
cargo-c-0.10.23-1.1 on GA media (moderate)
cargo-c-0.10.23-1.1 on GA media Announcement ID: openSUSE-SU-2026:11210-1 Rating: moderate Cross-References: CVE-2026-41676 CVE-2026-41677 CVE-2026-41678 CVE-2026-41681 CVE-2026-41898 CVE-2026-42327 CVE-2026-44662 CVE-2026-45784 CVSS scores: CVE-2026-41676 SUSE : 6.5...
EUVD-2026-42275
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...
OPENSUSE-SU-2026:11210-1 cargo-c-0.10.23-1.1 on GA media
These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed...