CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

EUVD-2026-26899

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

CVE-2026-43861

CVE-2026-43861 affects mutt up to version 2.3.1, where the url_pct_decode function does not check for a '\0' terminator. This could allow malformed URLs to bypass validation. The CVSSv3.1 base score is 3.7 (LOW); attack vector: NETWORK, complexity: HIGH, privileges: NONE, user interaction: NONE. ...

CVE-2026-42369

GV-VMS V20 WebCam Server contains a stack overflow in the b64decoder path of the gvapi flow. The decoded base64 string is copied into a 256-byte local Buffer without bounds checking, so if the decoded data exceeds 256 characters an attacker can trigger a stack overflow. The product is described a...

PT-2026-37138

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Incus is a system container and virtual machine manager. An authenticated user can provide a specially crafted image or backup tarball containing a very large YAML document. Because the software unpack...

GoBGP 安全漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a function in the SRv6 L3 Service component called pkg/packet/bgp/prefixsid.go. The function...

PT-2026-36774

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The software fails to check for the null character '0' within the url pct decode function. Recommendations Update to version 2.3.2 or later...

PT-2026-37200

Name of the Vulnerable Software and Affected Versions Pillow versions 10.3.0 through 12.1.x Description Processing a malicious PSD file can lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This occurs because bounds checks for tile extents in PSD image...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: NFSD: prevented underflow in nfssvcdecodewriteargs Smatch reported the issue as follows: fs/nfsd/nfsxdr.c:341 nfssvcDecodeWriteArgs Warning: no lower bound on ‘args-len’ The type of the variable has been changed to unsigned to...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ceph: Avoid putting the realm twice when decoding snaps fails. When decoding snaps fails, it may leave the firstrealm and realm pointing to the same snaprealm memory. Doing this twice could lead to random use-after-free issues,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Added protection against bmp length being out of range. The UBSAN load reports an exception due to bitwise shifts that are out of bounds for their data type. For example: vmlinux getbitmapb=75 + 712...

Astra Linux - уязвимость в openh264

OpenH264 is a free license codec library that supports H.264 encoding and decoding. A vulnerability in the decoding functions of the OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability arises from a race condition between the Sequen...

Astra Linux - уязвимость в libpng1.6

A issue has been identified in third-party PNM decoding related to libpng 1.6.35. It is a stack-based buffer overflow in the gettoken function located in the pnm2png.c file within pnm2png...

Astra Linux - уязвимость в netty

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Before version 4.1.59.Final, there was a vulnerability on Unix-like systems involving an insecure temporary file. When Netty’s...

Astra Linux - уязвимость в firefox, thunderbird

A out-of-bounds read can occur during the decoding of H264 videos. This can lead to a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

OESA-2026-2166 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

OESA-2026-2165 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

CLSA-2026-1777541147 squid34: Fix of 12 CVEs

CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...

mysql: Fix of CVE-2018-2755

CVE-2018-2755: harden binlog event decoding against corrupt binary log files BUG24365972...