Lucene search

8396 matches found

RedhatCVE
added 2026/01/09 9:14 a.m., 4 views

CVE-2022-33226

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00103
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:47 a.m., 3 views

CVE-2025-23817

Cross-Site Request Forgery (CSRF) vulnerability in mahadirz MHR-Custom-Anti-Copy mhr-custom-anti-copy allows Stored XSS. This issue affects MHR-Custom-Anti-Copy: from n/a through <= 2.0...

CVSS: 7.1, AI score: 7.2, EPSS: 0.00138
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:43 a.m., 13 views

CVE-2022-33288

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information...

CVSS: 9.3, AI score: 7.3, EPSS: 0.0005
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 15 views

CVE-2022-0247

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00039
Exploits: 0, References: 1

SUSE CVE
added 2026/01/09 12:23 a.m., 1 view

SUSE CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00006
Exploits: 0, References: 3

OSV
added 2026/01/08 10:15 a.m., 3 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS: 3.1, AI score: 5.5, EPSS: 0.00064
Exploits: 1, References: 4

Vulnrichment
added 2026/01/08 10:8 a.m., 3 views

CVE-2025-15224 libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

AI score: 6.5, EPSS: 0.00064
Exploits: 1, References: 3

AlpineLinux
added 2026/01/08 10:8 a.m., 3 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS: 3.1, AI score: 6.6, EPSS: 0.00064
Exploits: 1, References: 4

CVE
added 2026/01/08 10:8 a.m., 18 views

CVE-2025-15224

CVE-2025-15224 : The curl/libcurl implementation used for SSH-based transfers (SCP/SFTP) can incorrectly authenticate via a locally running SSH agent when public-key authentication is requested. This (libssh backend) behavior allows bypassing intended agent prompts and may enable unintended authe...

CVSS: 3.1, AI score: 6.3, EPSS: 0.00064
Exploits: 1, References: 4, Affected Software: 1

AlpineLinux
added 2026/01/08 10:8 a.m., 4 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0003
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/08 12:0 a.m., 1 view

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs60 (SUSE-SU-2026:0044-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0044-1 advisory. - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart bsc123003...

CVSS: 9.8, AI score: 7.5, EPSS: 0.02269
Exploits: 0, References: 13

NVD
added 2026/01/07 9:16 p.m., 1 view

CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

CVSS: 7.8, EPSS: 0.00006
Exploits: 0, References: 5

Vulnrichment
added 2026/01/07 8:26 p.m., 4 views

CVE-2026-22188 Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00027
Exploits: 1, References: 4

CVE
added 2026/01/07 8:2 p.m., 9 views

CVE-2025-64305

The connected sources describe a vulnerability in Columbia Weather Systems MicroServer where portions of the system firmware are copied to an unencrypted external SD card on boot, exposing user and vendor secrets in plaintext. This exposure could enable an attacker on the local network with admin...

CVSS: 7.1, AI score: 6.7, EPSS: 0.0001
Exploits: 0, References: 2

NVD
added 2026/01/07 6:15 p.m., 5 views

CVE-2026-21503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

CVSS: 6.1, EPSS: 0.00022
Exploits: 1, References: 4

Vulnrichment
added 2026/01/07 5:10 p.m., 4 views

CVE-2026-21503 iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00022
Exploits: 1, References: 4

RedhatCVE
added 2026/01/07 9:17 a.m., 6 views

CVE-2025-1404

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayssccpreportsusersearch function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00204
Exploits: 0, References: 1

curl security advisories
added 2026/01/07 8:0 a.m., 4 views

libssh global known_hosts override

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0003
Exploits: 1, References: 1, Affected Software: 2

Amazon
added 2026/01/07 12:0 a.m., 6 views

Important: ecs-service-connect-agent

Issue Overview: There exists a denial of service through data corruption in gRPC-C++: gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01141
Exploits: 7

CNNVD
added 2026/01/07 12:0 a.m., 2 views

Columbia Weather Systems MicroServer security vulnerability

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that originates when portions of the system firmware are copied to an unencrypted external SD card, potentially resulting in th...

CVSS: 7.1, AI score: 6.8, EPSS: 0.0001
Exploits: 0, References: 2