7676 matches found
Apache NiFi - Information Disclosure
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...
CVE-2026-57254
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...
CVE-2026-56002 libXfont2 PCF Font Parsing Heap Buffer Overflow
A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...
CVE-2026-57254
CVE-2026-57254 affects Foxit PDF Editor/Reader and is a type confusion vulnerability in PDF annotations that are referenced by other objects. The flaw occurs when the application parses the PDF without proper type checking, which can cause the application to crash. From the provided metrics, the ...
EUVD-2026-42199
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...
CVE-2026-57254
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...
PT-2026-56353
Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue exists where the application fails to perform proper type checking when parsing a PDF containing an abnormal annotation referenced by other objects. This type confusi...
CVE-2026-57455
A memory corruption flaw in Vim allows an attacker to cause a Denial of Service DoS. When a SOFO-based spell language is active, providing an excessively long word to the spell checker triggers a stack out-of-bounds write in the spellsoundfoldsofo function, causing the editor to crash. Mitigation...
CVE-2026-6688
FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename handling. With LFN enabled, fno.fname can be up to 255 characters; many callers copy it into short fixed buffers without bounds checks, causing overflow. This maps to CWE-120 Buffer Copy...
CVE-2026-9002 IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
CVE-2026-28979
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-28979
Summary: CVE-2026-28979 describes an out-of-bounds access issue fixed by enhanced bounds checking. The vulnerability affects web content processing in Apple platforms and is addressed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Affected components (from provided docs): Sa...
CVE-2026-28979
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
PT-2026-53699
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...
PT-2026-53693
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...
Security update for openbabel (moderate)
openSUSE Security Update: Security update for openbabel Announcement ID: openSUSE-SU-2026:0220-1 Rating: moderate References: 1258501 Cross-References: CVE-2026-2704 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...
Linux Distros Unpatched Vulnerability : CVE-2026-53224
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the...
DEBIAN-CVE-2026-53291
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...