54 matches found
PYSEC-2026-724 Out-of-bounds Write in OpenCV
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...
PYSEC-2026-725 Out-of-bounds Write in OpenCV
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 corresponds with OpenCV-Python version 4.1.2.30. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code...
OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints
Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...
EUVD-2026-37217
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0134
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0134
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0134
CVE-2026-0134 describes a data persistence issue in PostWipeData within recovery_ui.cpp, exposing local information after a factory reset due to a logic error. Impact is information disclosure with no additional privileges required and no user interaction needed. The available documents do not sp...
PT-2026-49793
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A logic error in the PostWipeData function of recovery ui.cpp may cause data persistence after a factory reset. This issue allows for local information disclosur...
GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
PUB-A-438759342
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of tagging the “gcing” flag on the page during block migration. It is necessary to add the missing “gcing” flag on the page during block migration, in order to ensure that the migrated data is persisted duri...
DataPersistence-Sung-UnPARK-17039326
No d...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper synchronization operations. This vulnerability may cause file systems that do not...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
ormar 安全漏洞
ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.23.0 contain security vulnerabilities. These vulnerabilities stem from Pydantic validation bypasses in the model constructor. This allows unvalidated users to bypass field validations by...
CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...
OpenSift 安全漏洞
OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of non-atomic and insufficiently synchronized local JSON persistence processes,...