73771 matches found
CVE-2026-41673
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...
ZTE ZX297520V3 Buffer Error Vulnerability
ZTE ZX297520V3 is an industrial-grade 4G module from ZTE Corporation. The ZTE ZX297520V3 has a buffer error vulnerability. This vulnerability stems from the lack of target address verification in the USB download mode, which may allow arbitrary memory writes. As a result, it can overwrite the...
PT-2026-38369
Name of the Vulnerable Software and Affected Versions: go-ipld-prime versions prior to 0.23.0. Description: The DAG-CBOR and DAG-JSON decoders recurse on each nested map or list without a depth limit. A payload containing deeply nested collections causes the decoder to recurse once per level, growin...
OpenEXR Buffer Error Vulnerability
OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 contain a buffer error vulnerability. This vulnerability arises from the IDManifest::init...
youtube-regex Resource Management Error Vulnerability
youtube-regex is a YouTube video ID regular expression matching tool developed by RegexHQ. Versions of youtube-regex 1.0.5 and earlier contained a resource management error vulnerability, which was caused by a denial-of-service attack involving regular expressions...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.1 contained a buffer error vulnerability. This vulnerability stemmed from memory security flaws, which could lead to memory corruption and might be...
Tubitak Ulakbim LiderAhenk Software Access Control Error Vulnerability
Tubitak Ulakbim LiderAhenk Software is an open-source software system developed by the Turkish National Academic Network and Knowledge Center Tubitak Ulakbim. It is used for centralized management, monitoring, and control of systems and users on enterprise networks. In versions 2.0.1 to 2.0.2 of...
LibreOffice Buffer Error Vulnerability
LibreOffice is a set of open-source office software products developed by The Document Foundation. Versions of LibreOffice between 26.2 and 26.2.3, as well as 25.8 and 25.8.7, contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds writing when processing specially...
Incus Code Issue Vulnerability
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities due to lack of error handling. These vulnerabilities could allow authenticated users to cause the daemon process to crash by importing truncated backup files...
ROS-20260507-73-0011
Vulnerability in tomcat11 related to a flaw in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
ROS-20260507-73-0010
Vulnerability in tomcat10 related to a flaw in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
ROS-20260507-73-0009
Vulnerability in tomcat related to flaws in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
PT-2026-38370
Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2. Description: The UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the...
Linux Distros Unpatched Vulnerability : CVE-2026-43144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons i.e. missing firmware, the sdiodev-bus ...
TencentOS Server 2: squid (TSSA-2025:1012)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-43108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: pd-mapper: Fix element length in servreglocpfrreqei It looks element length declared in servreglocpfrreqei for reason not matching servreglocpfrreq's...
Linux Distros Unpatched Vulnerability : CVE-2026-43192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f...
CVE-2026-43252
A flaw was found in the MultiPath TCP (MPTCP) subsystem of the Linux kernel. A local attacker could exploit a logic error in how MPTCP manages network connection endpoints. By performing a specific sequence of operations, an attacker could trigger a kernel warning, potentially leading to system...
CVE-2026-43247
A flaw was found in the wave5 media driver within the Linux kernel. This vulnerability can lead to a kernel panic, which causes the system to become unresponsive, effectively resulting in a Denial of Service (DoS). The issue occurs when the system attempts to enter suspend mode due to an autosuspen...
CVE-2026-41484
OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...