ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +14362 more potentially affected by CVE-2026-42579 via io.netty:netty-codec-dns (>=4.1.0.Beta4 <=4.1.132.Final)

io.netty:netty-codec-dns MAVEN version =4.1.0.Beta4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42579 Source...

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

EUVD-2026-27782

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

CVE-2026-43222

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

SUSE-SU-2026:21559-1 Security update for wireshark

This update for wireshark fixes the following issues - CVE-2026-3201: missing limit checks in USB HID protocol dissector's parsereportdescriptor function can lead to memory exhaustion bsc1258907. - CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal...

PT-2026-37562

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer size issue exists in the Verisilicon AV1 media component. The tile information, consisting of row sb, col sb, start pos, and end pos 4 bytes each, requires a total memory...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23724 more potentially affected by CVE-2026-41417 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-41417 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-41417 Source advisory: OSV:GHSA-V8H7-RR48-VMMV...

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the setUri function. An attacker can inject arbitrary CRLF sequenc...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23724 more potentially affected by CVE-2026-41417 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

CVE-2026-5403

A flaw was found in the SBC audio codec in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a heap-based buffer overflow, resulting in a denial of service or potentially in code execution. Mitigation If the SBC audio codec dissector is not...

CVE-2026-6529

A flaw was found in Wireshark. A remote attacker could exploit this vulnerability by providing a specially crafted iLBC audio codec. This could lead to a crash of the Wireshark application, resulting in a denial of service. Mitigation Users should avoid opening untrusted capture files or processi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fixed a refcount leak in croseccodecplatformprobe. The ofparsephandle function returns a node pointer with a refcount incremented; we should use ofnodeput on it when there is no longer a need for it. Add the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: For the hda codecs, do not unset the preset when cleaning up the codec. Several functions involved in the initialization and removal of codecs are reused by ASoC codec driver implementations. These drivers mimic the behavio...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller, we encounter an out-of-bound error. The specific error message is: “KASAN: slab-out-of-bounds Read in regcacheflatread” The backtrace of the issue i...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slave' structure. This can lead to kernel oopses when unbinding codec drivers, e.g. with the following...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clkgetrate during transfer Instead of repeatedly calling clkgetrate for each transfer, lock the clock rate and cache the value. A deadlock was observed when adding the tlv320aic32x4 audio codec to the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fixed memory corruption in sma1307settingloaded The sma1307-setheadersize field specifies the number of integers in the header there are 8 such integers. However, instead of allocating 8 integers’ worth of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Added ofnodeput before wcdb934xcodecparsedata. The devicenode pointer is returned by ofparsephandle with the refcount incremented. We should use ofnodeput on it after the operation is completed. This is...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: handle errors on card registration If the card registration fails, typically because of deferred probes, the device properties added for headset codecs are not removed, which leads to kernel oopses in driver...