CVE-2026-9503 GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

Linux Distros Unpatched Vulnerability : CVE-2026-8997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application...

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

UBUNTU-CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

CVE-2026-8997

CVE-2026-8997 : vifm is vulnerable to a heap buffer overflow during the history merge when saving the state file (vifminfo.json). The flaw arises from a missing runtime length check on history entries in release builds, allowing a crafted long path or command in history to cause memory corruption...

CVE-2026-8997 Heap Buffer Overflow in vifm

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

PT-2026-42765

Name of the Vulnerable Software and Affected Versions vifm versions 0.12.1 through 0.14.3 Description A heap buffer overflow occurs during the history merge process when saving the state file vifminfo.json. This is caused by a lack of runtime checks on the length of history entries in release...

Malicious code in @rui.branco/sentry-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8504c65903895f53054fc6df861469ddbac73c130793bd784d47eca8ef2cd65b On every load of index.js the package's main and bin entry, the package queries GitHub for the latest commit SHA on HEAD of rui-branco/sentry-mcp and...

CVE-2026-36189

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustifyd-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the checktemplate.cpp, checktemplate function, tokenizecleanup function, uncrustify...

EUVD-2026-31287

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustifyd-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the checktemplate.cpp, checktemplate function, tokenizecleanup function, uncrustify...

GO-2026-4983 ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction in github.com/ydb-platform/ydb-go-sdk

ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...

Astra Linux - уязвимость в linux-5.10, linux

There is a use-after-free vulnerability in the Linux kernel that can be exploited to achieve local privilege escalation. To exploit this vulnerability, the CONFIGTLS or CONFIGXFRMESPINTCP kernel configuration flags must be set; however, the operation does not require any special privileges. There...

Astra Linux - уязвимость в linux-5.10, linux

There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...

Astra Linux - уязвимость в linux, linux-5.10

There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...

Astra Linux - уязвимость в linux, linux-5.10

There is a use-after-free in iouring in the Linux kernel. The signalfdpoll and binderpoll functions use a waitqueue whose lifetime is the current task. The waitqueue will send a POLLFREE notification to all waiters before it is freed. Unfortunately, the iouring poll does not handle POLFREE. This...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...