SUSE CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

BIT-NODE-MIN-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

UBUNTU-CVE-2026-34544

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...

Linux Distros Unpatched Vulnerability : CVE-2026-21712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN...

CVE-2019-25625

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causin...

DigitalVolcano TextCrawler Pro 安全漏洞

DigitalVolcano TextCrawler Pro is a batch text search and replacement tool developed by the British company DigitalVolcano. Version 3.1.1 of DigitalVolcano TextCrawler Pro contains a security vulnerability caused by a buffer overflow in the license key field, which may lead to the application...

CVE-2022-23745

A potential memory corruption issue was found in Capsule Workspace Android app running on GrapheneOS. This could result in application crashing but could not be used to gather any sensitive information...

EUVD-2020-17957

Malware in sbrugna...

EUVD-2018-14276

Malware in sbrugna...

EUVD-2020-27493

Malware in sbrugna...

EUVD-2021-24651

Malware in sbrugna...

EUVD-2016-6267

Malware in sbrugna...

EUVD-2019-11450

Malware in sbrugna...

EUVD-2025-21140

Malicious code in bioql PyPI...

EUVD-2025-3601

Malicious code in bioql PyPI...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23165 & CVE-2025-23166) )

Summary IBM App Connect Enterprise is vulnerable to Missing Release of Memory after Effective Lifetime and Uncaught Exception due to Node.js. Vulnerability Details CVEID:CVE-2025-23165 DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file...

USN-7545-4 apport regression

USN-7545-1 fixed vulnerabilities in Apport. The update incorrectly handled logging if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrectly handled metada...

CVE-2025-1735

CVE-2025-1735 affects PHP pgsql and pdo_pgsql escaping functions across PHP 8.1–8.4 that do not check errors from underlying quoting functions, potentially causing crashes if the Postgres server rejects input. Affected: PHP 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.*. Roo...

CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...