CVE-2021-27496

Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An...

CVE-2026-33491 Zen-C has Stack-Based Buffer Overflow in Identifier Mangling

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the AdvancedLoggingJSON configuration during support packet generation. An attacker can access arbitrary files on the host system by supplying a malicious file path. Details A Directory Traversal attack also known...

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

CVE-2025-41368

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data the HFCheckpointIO checkpoint-loading process in nemo/lightning/io/hf.py. An attacker can execute arbitrary code on the victim system by supplyin...

USN-8122-1: PJSIP vulnerabilities

Youngsung Kim discovered that PJSIP did not properly parse numeric header fields in SIP messages. A remote attacker could use this issue to cause PJSIP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-16872 Peter...

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

Security Bulletin: NVIDIA Model Optimizer - March 2026

NVIDIA has released a software update for NVIDIA® Model Optimizer. To protect your system, clone or update this software to ModelOpt 0.41.0 Release or later from NVIDIA Github. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security...

PT-2026-27436

Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions affected versions not specified Description NGINX Open Source and NGINX Plus, when built with the ngx http mp4 module module and configured with the mp4 directive, are susceptible to a buffer over-read...

CVE-2026-33154

A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection SSTI vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...

Debian dsa-6171 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6171 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6171-1 [email protected]...

CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

EUVD-2026-13275

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

UBUNTU-CVE-2026-3849

Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap memory and potentially execute arbitrary code or cause a crash by supplyi...

Medium: gvfs

Issue Overview: A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint,...

CVE-2026-31963

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. When processing CRAM Compressed Reference-oriented Alignment Map files, an out-by-one error in feature decoding can cause a heap buffer overflow. This vulnerability allows an attacker to craft a malicious...