CVE-2019-25762

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...

Astra Linux – Vulnerability in hdf5

A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5Fgetnrefs located in H5Fquery.c. This allows an attacker to cause a Denial of Service attack...

CVE-2026-11786

CVE-2026-11786 affects the 389 Directory Server (389-ds-base). The issue is a heap-out-of-bounds read in the LDIF parser when processing attribute types with trailing semicolons during database import, traced to ldif parser function str2entry_state_information_from_type(). Consequences are descri...

CVE-2026-41006

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026...

DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly...

Astra Linux - уязвимость в hdf5

A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5ACunpinentry, located in H5AC.c. This allows an attacker to cause a Denial of Service attack...

Astra Linux - уязвимость в hdf5

A issue was discovered in HDF5 through version 1.12.0. There is a heap-based buffer over-read in the function H5Olayoutdecode, located in H5Olayout.c. This allows an attacker to cause a Denial of Service attack...

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

RLSA-2026:16693 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

ROS-20260512-73-0011

Vulnerability in hdf5 related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

UBUNTU-CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017777 advisory. Memory leak in the H5Odtypedecodehelper function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service memory consumptio...

OESA-2026-2262 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

OESA-2026-2261 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Astra Linux – Vulnerability in hdf5

A violation of bounds was detected in H5Ofillnewdecode and H5Ofillolddecode within H5Ofill.c in the HDF HDF5 1.10.2 library. This could allow a remote denial of service or information disclosure attack...