CVE-2026-37457

FRRouting (FRR) stable/10.0 is affected by CVE-2026-37457 due to an off-by-one out-of-bounds write in bgp_flowspec_op_decode() within bgpd/bgp_flowspec_util.c. Attackers may cause a Denial of Service by supplying a crafted FlowSpec component. The available sources describe the vulnerability clear...

CLSA-2026-1777585788 python: Fix of CVE-2017-1000158

CVE-2017-1000158: fix integer overflow in PyStringDecodeEscape that could trigger a heap-based buffer overflow when decoding very large byte strings...

SUSE-SU-2026:21436-1 Security update for freerdp

This update for freerdp fixes the following issues: Update to version 3.24.2. Security issues fixed: - CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel bsc1258919. - CVE-2026-25942: buffer overflow of global array in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952:...

JLSEC-2026-341

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5Faddrdecodelen of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to...

JLSEC-2026-315

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5Faddrdecodelen in H5Fint.c, resulting in the corruption of the instruction pointer...

JLSEC-2026-299

HDF5 through 1.14.3 contains a buffer overflow in H5Olinfodecode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-297

HDF5 through 1.14.3 contains a stack buffer overflow in H5Rdecodeheap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

CLSA-2026-1777456996 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CLSA-2025-1737465408 php: Fix of 3 CVEs

CVE-2024-8927: fix bypass of cgi.forceredirect configuration - CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter - CVE-2024-11234: fix HTTP fulluri CRLF injection...

CVE-2026-42420

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...

EUVD-2026-26123

OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input...

modsecurity3 -- multiple vulnerabilities

ModSecurity is an open source web application firewall engine. According to the upstream changelog, multiple vulnerabilities have been fixed. CVE-2026-42268: unsigned integer underflow in verify operators CVE-2026-30923: buffer overflow in hexdecode...

CVE-2026-7183

The CVE-2026-7183 entry affects aligungr UERANSIM (up to version 3.2.7), specifically the rls_pdu.cpp DecodeRlsMessage function in the Radio Link Simulation Layer. The issue arises from manipulation of the pduLength argument, causing an uncaught exception. Exploitability is described as remote. T...

CVE-2026-7183 aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

EUVD-2026-25933

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

CVE-2026-7183

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...

UERANSIM 安全漏洞

UERANSIM is an open-source advanced 5G UE and RAN gNodeB simulator developed by Ali Güngör of Turkey. Versions of UERANSIM 3.2.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter pdulength in the Radio Link Simulation Layer...

PT-2026-35537

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may b...

CLSA-2026-1776849467 jasper: Fix of 3 CVEs

CVE-2021-26926: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-26927: prevent out-of-bounds read in jp2decode by hard-erroring on inconsistent IHDR/BPCC component metadata - CVE-2021-3272: prevent heap-based buffer over-read in...