404 matches found
PT-2026-53020
Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In md/raid10, the wait barrier is required before returning a discard request with the REQNOWAIT flag. The raid10handlediscard function should also wait for the barrier before returning a discard bio that has the REQNOWAIT flag...
UBUNTU-CVE-2026-52916
In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...
CVE-2026-54270
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...
CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...
CVE-2026-54270
CVE-2026-54270 concerns protobufjs, where versions 8.2.0–8.4.2 preserved unknown wire elements in message.$unknowns during binary decode and lacked a decode-time option to discard them. This could allow crafted protobuf payloads with many unknown fields to cause decoded messages to retain memory ...
Use After Free
Overview msgpack is an efficient binary serialization format. Affected versions of this package are vulnerable to Use After Free in the unpacker' when it is reused after an error has occurred. An attacker can cause a crash or denial of service by repeatedly triggering errors and reusing the same...
CVE-2026-9143
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...
SUSE-SU-2026:22172-1 Security update for zypper, libzypp, libsolv
This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...
GHSA-94RC-8X27-4472 protobufjs: Memory amplification from preserved unknown fields in binary decode
Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...
EUVD-2026-36566
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...
CVE-2026-44990 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...
CVE-2026-49958
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
EUVD-2026-35706
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-49958
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-49958
Hermes WebUI is affected by a TOCTOU race in git_discard (api/workspace_git.py) prior to version 0.51.303. An attacker can replace a validated path component with a symlink between safe_resolve_ws() and the subsequent Path.unlink() or shutil.rmtree() call, causing the delete operation to follow t...
CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...
PT-2026-48120
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the git discard function within api/workspace git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a...