472 matches found
CVE-2026-44499
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...
GHSA-R2F4-FF2P-XC64 Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. The vulnerable flow accepts compositeIndices from imported JSON, stores the values...
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. The vulnerable flow accepts compositeIndices from imported JSON, stores the values...
PT-2026-44227
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In stacked Linux Security Module LSM configurations, the sock has perm and nlmsg sock has extended perms functions incorrectly dereference sk-sk security directly. This assumes the SELin...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: Fixed a use-after-free in compositedevcleanup. 1. In func configfscompositebind - compositeosdescreqprepare: If kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. As a result, a failure...
Astra Linux - уязвимость в linux, linux-5.10
A issue was discovered in the drivers/usb/gadget/composite.c file within the Linux kernel before version 5.16.10. The USB Gadget subsystem lacks certain validations for interface OS descriptor requests those with a large array index and those associated with NULL function pointer retrieval. Memor...
Astra Linux - уязвимость в openexr
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep, and we might be referring to a non-existent ep, triggering a NULL pointer exception. In certain configurations, we might use few...
Malicious code in @antv/l7-composite-layers (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/ava (=3.6.0-alpha.0), @antv/gpt-vis (>=0.0.1 <=0.6.1) +23 more potentially affected by unknown CVE via @antv/l7-composite-layers (>=0.0.1-alpha.6 <=0.17.1)
@antv/l7-composite-layers NPM version =0.0.1-alpha.6, =0.0.1, =0.1.0, =0.0.1, =0.0.1-alpha.1, =0.1.1, =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.1, =1.0.0-alpha.4, =1.0.0-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4035...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
OSV-2024-1464 Use-of-uninitialized-value in Splash::compositeBackground
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513891492 Crash type: Use-of-uninitialized-value Crash state: Splash::compositeBackground SplashOutputDev::setSoftMask Gfx::doSoftMask...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
BIT-NEO4J-2026-1497 Incorrect privilege assignment in composite databases
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...
SUSE CVE-2026-31724
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...
CVE-2026-5394
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...