PT-2026-32144

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A security flaw exists in FoundationAgents MetaGPT versions up to 0.8.1. The decode image function within the metagpt/utils/common.py file is susceptible to server-side request forgery...

MetaGPT 代码问题漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the improper handling of the imgurlorb64 parameter in the decodeimage function within the metagpt/utils/common.py file, which could...

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

CVE-2026-3446

CVE-2026-3446 affects Python’s base64 decoding (base64.b64decode and related functions). The root cause is that the decoder stops after the first padded quad, potentially leaving additional data unprocessed. This can cause data to be accepted and then processed differently by other implementation...

CLSA-2026-1775223344 freerdp: Fix of 3 CVEs

CVE-2023-39355: fix use-after-free in RDPGFXCMDIDRESETGRAPHICS handling when context-maxPlaneSize == 0; update context-planesBuffer after free and prevent access to freed memory - CVE-2026-26965: fix heap out-of-bounds write in RLE planar decode that permit attacker-controlled pixel data and...

EUVD-2026-21312

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. T...

CVE-2026-6016

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. T...

UBUNTU-CVE-2026-5500

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

CVE-2026-5500

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

PT-2026-31864

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description wolfSSL's wc PKCS7 DecodeAuthEnvelopedData function does not properly sanitize the AES-GCM authentication tag length received and lacks a lower bounds check. This allows a man-in-the-middle...

PT-2026-31877

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. T...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-007104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007104 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planardecompressplanerle writes into pDstDat...

Linux Distros Unpatched Vulnerability : CVE-2026-5187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot befor...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the sslDecodePacket process. An attacker can cause a program crash and trigger a large out-of-bounds read by injecting a malformed TLS Application Data record that is shorter than the required...

EUVD-2026-21068

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out0 and out1, enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

CVE-2026-5187

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out0 and out1, enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

CVE-2026-5187

CVE-2026-5187 affects wolfSSL’s wolfcrypt DecodeObjectId() in asn.c, with two potential heap out-of-bounds writes. First, a bounds check validates only one slot before writing two OID arcs (out[0], out[1]), allowing a 2-byte OOB write when outSz == 1. Second, callers pass sizeof(decOid) (64 bytes...

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out0 and out1, enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out0 and out1, enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

EUVD-2026-20918

An out-of-bounds read vulnerability exists in the DecodePsmctRle1 function of DicomImageDecoder.cpp. The PMSCTRLE1 decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafte...