3816 matches found
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
EUVD-2026-30337
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-43993
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
AMD Device Metrics Exporter (ROCm ecosystem) Vulnerability - Lenovo Support US
No description provided...
CVE-2026-43993
CVE-2026-43993 : In JunoClaw’s WAVS bridge, the function computeDataVerify fetched agent-supplied URLs without validating the URL scheme, port, or resolved IP, enabling an SSRF vulnerability. Affected version range is prior to 0.x.y-security-1 . This could allow access to cloud-metadata and inter...
SUSE CVE-2026-43321
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
JunoClaw 代码问题漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...
Unity Linux 20.1060e / 20.1070e Security Update: transfig (UTSA-2026-017536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017536 advisory. An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function computeclosedspline located in transspline.c. It allows an attack...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: k9s, cert-manager-cmctl, azure-service-operator, emissary, aws-application-networking-k8s, nri-kubernetes, verticadb-operator, kube-vip-cloud-provider, crossplane-provider-aws-memorydb, crossplane-provider-keycloak, kubelet-csr-approver, crossplane-provider-aws-lambd...
EUVD-2026-28605
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
CVE-2026-43321
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
CVE-2026-43321
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
UBUNTU-CVE-2026-43321
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
CVE-2026-43321
In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...
OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
DEBIAN-CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...