
3911 matches found

Cvelist
added 2026/04/24 5:20 p.m., 28 views

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize...

CVSS 8.3, EPSS 0.00063
Exploits: 0, References: 4

Vulnrichment
added 2026/04/24 5:20 p.m., 1 view

CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize...

CVSS 8.3, AI score 5.6, EPSS 0.00063
Exploits: 0, References: 4

Cvelist
added 2026/04/24 5:17 p.m., 27 views

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVSS 6.3, EPSS 0.00158
Exploits: 0, References: 1

Vulnrichment
added 2026/04/24 5:17 p.m., 2 views

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVSS 6.3, AI score 5.5, EPSS 0.00158
Exploits: 0, References: 1

EUVD
added 2026/04/24 5:17 p.m., 2 views

EUVD-2026-25583

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVSS 6.3, AI score 5.5, EPSS 0.00158
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/24 5:17 p.m., 1 view

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVSS 6.3, AI score 5.6, EPSS 0.00158
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/04/24 5:17 p.m., 8 views

CVE-2026-41677

CVE-2026-41677 affects the rust-openssl bindings for Rust. From 0.9.0 up to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user’s callback, allowing a password callback that returns more data than the destination buffer to cause an over-read in some OpenS...

CVSS 9.1, AI score 5.5, EPSS 0.00158
Exploits: 0, References: 1, Affected Software: 1

UbuntuCve
added 2026/04/24 3:16 p.m., 2 views

CVE-2026-31548

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request is closed, cfg80211_release_pmsr sets the request's nl_portid to zero and schedules pmsr_free_wk to process the abort...

CVSS 7.8, AI score 5.3, EPSS 0.00015
Exploits: 0, References: 8

ATTACKERKB
added 2026/04/24 2:33 p.m., 0 views

CVE-2026-31548

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request is closed, cfg80211_release_pmsr sets the request's nl_portid to zero and schedules pmsr_free_wk to process the abort...

AI score 5.4, EPSS 0.00015
Exploits: 0, References: 7, Affected Software: 1

EUVD
added 2026/04/24 2:33 p.m., 2 views

EUVD-2026-25441

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request is closed, cfg80211_release_pmsr sets the request's nl_portid to zero and schedules pmsr_free_wk to process the abort...

AI score 5.3, EPSS 0.00015
Exploits: 0, References: 6

OSV
added 2026/04/24 8:59 a.m., 4 views

CLSA-2026-1777021155 nbdkit: Fix of CVE-2025-47712

CVE-2025-47712: fix integer overflow in blocksize filter extents callback...

CVSS 6.5, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 1

OSV
added 2026/04/24 12:31 a.m., 2 views

GHSA-CW28-63X4-37C3 Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-89r3-6x4j-v7wf. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows...

CVSS 6.3, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 4

Github Security Blog
added 2026/04/24 12:31 a.m., 4 views

Duplicate Advisory: OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-89r3-6x4j-v7wf. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows...

CVSS 6.3, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2026/04/24 12:31 a.m., 2 views

EUVD-2026-25321

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

CVSS 6.3, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 4

CNNVD
added 2026/04/24 12:00 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pre_exit callback in the wireguard device obtaining the rtnl_lock manually, potentially causing...

CVSS 5.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1

Positive Technologies
added 2026/04/24 12:00 a.m., 3 views

PT-2026-35083

Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.4.4. Description: A stored cross-site scripting issue exists in the AI Scanner dashboard. The endpoint '/api/ai-scanner/callback' does not require authentication, allowing unauthenticated attackers to inject...

CVSS 5.3, AI score 5.8, EPSS 0.00294
Exploits: 1, References: 6

CNNVD
added 2026/04/24 12:00 a.m., 5 views

rust-openssl buffer error vulnerability

rust-openssl is an open-source library in the Rust ecosystem that allows for interaction with the OpenSSL library. In versions 0.9.0 to 0.10.78 of rust-openssl, there was a buffer error vulnerability. This vulnerability stemmed from the *_from_pem_callback API not verifying the length returned by use...

CVSS 9.1, AI score 6, EPSS 0.00158
Exploits: 0, References: 1

CNNVD
added 2026/04/24 12:00 a.m., 5 views

CyberPanel cross-site scripting vulnerability

CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Versions of CyberPanel prior to 2.4.4 had a cross-site scripting vulnerability. This vulnerability originated from a stored cross-site scripting vulnerability in the AI Scanner...

CVSS 6.1, AI score 5.6, EPSS 0.00294
Exploits: 1, References: 1

CNNVD
added 2026/04/24 12:00 a.m., 6 views

rust-openssl security vulnerability

rust-openssl is an open-source library in the Rust ecosystem that allows for interaction with the OpenSSL library. rust-openssl versions 0.9.24 to 0.10.78 contained security vulnerabilities. These vulnerabilities stemmed from the FFI (Foreign Function Interface) callback functions no...

CVSS 9.8, AI score 5.9, EPSS 0.00063
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/24 12:00 a.m., 4 views

TencentOS Server 3: 389-ds:1.4 (TSSA-2026:0243)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0243 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.2, AI score 6.2, EPSS 0.00315
Exploits: 0, References: 2