CVE-2026-48142
A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the ngx_http_charset_module when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting th...
CVE-2025-61024
An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
Important: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975). For more details about the security issues, including the impact, a...
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...
MGASA-2026-0153 Updated ffmpeg packages fix security vulnerabilities
An out-of-bounds read in the read_global_param function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to...
CVE-2026-9256
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
CVE-2026-8469
CVE-2026-8469 affects phoenix_storybook (0.2.0 before 1.1.0). The issue stems from multiple LiveView handlers that convert user-supplied event strings to BEAM atoms via String.to_atom/1 without validation, causing unbounded atom table growth. BEAM atoms are not garbage-collected; exhaustion of th...
EUVD-2026-30690
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit ha...
EUVD-2026-30411
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...
MGASA-2026-0135 Updated dnsmasq packages fix security vulnerabilities
CVE-2026-2291: dnsmasq's extract_name function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service (DoS)...
CVE-2026-8270
Open5GS up to 2.7.7 has a vulnerability in the SMF component, in the function ogs_nas_parse_qos_rules. A remote attacker can manipulate this to cause a denial of service. The exploit is publicly disclosed and may be used; the project was informed early via an issue report but has not responded. N...
CVE-2026-8123
Open5GS up to 2.7.7 is affected. The flaw resides in ogs_sbi_discovery_option_add_snssais within /lib/sbi/message.c (NSSF) and can cause denial of service. The issue can be triggered remotely. Public exploit disclosure is noted, and the project was informed via issue reports but has not responded...
Linux Distros Unpatched Vulnerability : CVE-2026-42483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code vi...
PT-2026-38398
Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 36.0.8; Wasmtime versions prior to 43.0.2; Wasmtime versions prior to 44.0.1. Description: Allocation logic for a WebAssembly table contains checked arithmetic that panics on overflow when a table with an extremely large...
JLSEC-2026-227 openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
CVE-2026-32688
This CVE affects elixir-plug plug_cowboy: Plug.Cowboy.Conn.conn/1 calls String.to_atom/1 on the value from :cowboy_req.scheme/1. For HTTP/2, the scheme header is client-supplied and passed verbatim by cowlib, creating a new BEAM atom per unique value. Atoms are not garbage-collected and the atom ...
openldap: Fix of 14 CVEs
Rebase to 2.4.58 to fix the following vulnerabilities: - CVE-2020-12243: fix denial of service caused by LDAP search filters with nested boolean expressions - CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing - CVE-2020-36223: fix slapd crash in the Values Return...
MiracleLinux 9 : thunderbird-140.9.1-1.el9_7.ML.1 (AXSA:2026-483:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-483:08 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of...
UBUNTU-CVE-2026-5313
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...