CVE-2026-48135

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

CVE-2026-9530

GNU LibreDWG’s Dwgbmp Utility (src/decode.c, function read_2004_compressed_section) is affected by an out-of-bounds read when manipulated. The issue affects LibreDWG up to 0.14 and requires local access; a publicly available exploit exists. A patch is available (commit 8f03865f37f5d4ffd616fef802a...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

Vanetza 安全漏洞

Vanetza is an open-source implementation of a vehicle communication protocol suite developed by Raphael Riebl. Versions of Vanetza prior to 26.02 contained security vulnerabilities. These vulnerabilities stemmed from the ASN.1 decoder accepting V2X messages that are syntactically valid but...

NVIDIA Display Driver for Linux 缓冲区错误漏洞

NVIDIA Display Driver for Linux is a graphics driver developed by NVIDIA Corporation. The NVIDIA Display Driver for Linux contains a buffer error vulnerability; this vulnerability can lead to out-of-bounds read attacks, potentially causing system crashes and information leaks...

FastNetMon 缓冲区错误漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contained a buffer error vulnerability, which stems from boundary-checking errors in the dynamicbinarybuffert class, potentially leadi...

eml_parser 安全漏洞

EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. Hitachi Energy RTU500 contains a security vulnerability; this vulnerability stems from a null pointer dereferencing when using the IEC 60870-5-104 standard in bidirectional mode, which may lead to...

HammerSim: A System-Level Tool to Model RowHammer

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...

PT-2026-43424

Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the ASN.1/OER parsing pipeline. When the system processes malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or...

PT-2026-43351

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

SAP Gateway 安全漏洞

SAP Gateway is a framework based on open standards developed by SAP, a German company. This product allows non-SAP applications to connect to SAP applications, as well as access SAP applications on mobile devices. There is a security vulnerability in SAP Gateway, which allows attackers to inject...

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

EUVD-2026-31841

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...