PT-2026-38288

Name of the Vulnerable Software and Affected Versions vLLM versions 0.18.0 through 0.19.1 Description The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of an uninitialized len variable in the decodechoice function, potentially leading to...

CLSA-2026-1777974224 libwebp: Fix of 6 CVEs

CVE-2018-25009: fix out-of-bounds read in GetLE16 by validating VP8X chunk size - CVE-2018-25010: fix heap-based buffer overflow in ApplyFilter by limiting filter radius to image dimensions - CVE-2018-25011: fix heap-based buffer overflow in PutLE16 by rejecting multiple image chunks in ANMF...

CLSA-2026-1777586657 python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

CVE-2026-30923

CVE-2026-30923 affects libModSecurity3 (ModSecurity v3) where a rule using the t:hexDecode transformation can trigger a segmentation fault when inspecting a single-character query string, causing worker process crashes and denial of service. All versions prior to 3.0.15 are affected; the issue is...

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

UBUNTU-CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

SUSE CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...

SUSE CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...

Modsecurity 缓冲区错误漏洞

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity prior to 3.0.15 contained a buffer error vulnerability. This vulnerability arises from using the t:hexDecode conversion in rule checks for query string parameters containi...

PT-2026-37262

Name of the Vulnerable Software and Affected Versions Twisted versions prior to 26.4.0 Description The twisted.names module is susceptible to a Denial of Service DoS attack caused by resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can send a specially crafted...

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

UBUNTU-CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

GoBGP has an Improper Resource Shutdown or Release

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the DecodeFromBytes function of the AIGP Attribute Parser. An attacker can execute arbitrary code, cause a denial of service, or compromise data integrity and confidentiality by sending specially crafted BGP packets t...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the DecodeFromBytes function in the SRv6 L3 Service component. An attacker can cause a service disruption by sending specially crafted data to this function remotely. Remediation Upgrade...

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...