SUSE CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

Use of Inherently Dangerous Function

Overview Affected versions of this package are vulnerable to Use of Inherently Dangerous Function via the PQfn function when called with resultisint=0 in the loexport, loread, lolseek64, and lotell64 functions. An attacker can overwrite client stack memory with arbitrary data by sending a special...

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a resource...

UBUNTU-CVE-2026-33596

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

CVE-2025-71264

Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service client crash...

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

EUVD-2011-4774

Malware in sbrugna...

EUVD-2019-0838

Malware in sbrugna...

EUVD-2023-36518

Malicious code in bioql PyPI...

glib2: Signal subscription vulnerabilities

A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the...

Linux Distros Unpatched Vulnerability : CVE-2025-32914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out- of-bounds read. This flaw allows a malicious HTTP client to...

CVE-2021-27018

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...

USN-7371-1 freerdp2 vulnerabilities

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. CVE-2024-32458 Evgeny Legerov discovered...

DEBIAN-CVE-2024-22211

FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdpbitmapplanarcontextreset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

CVE-2023-2811

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot...

PT-2022-19442

Name of the Vulnerable Software and Affected Versions Pion DTLS versions prior to 2.1.4 Description An attacker can send packets that will send Pion DTLS into an infinite loop when processing. This issue affects the DTLS server or client. Recommendations For versions prior to 2.1.4, upgrade to Pi...