73859 matches found
CVE-2026-6276
A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom Host: header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new Host: header. This can lead to libcurl incorrectly sending cookies intended...
CLSA-2026-1777548230 python2: Fix of CVE-2026-6100
CVE-2026-6100: defensively null bzs-nextin on the error path of BZ2Decompdecompress to align with upstream; the UAF window does not exist in Python 2.7 nextin is reassigned at function entry, lzma/gzip are not C extensions...
EUVD-2026-26352
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
SUSE CVE-2010-4713
Integer signedness error in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header...
CLEANSTART-2026-WH33500 CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs
Multiple security vulnerabilities affect the atlantis-fips package. The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. See references for individual vulnerability details...
CLEANSTART-2026-GY48351 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-MI12470 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CVE-2026-40686
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...
Exim 缓冲区错误漏洞
Exim is an open-source message transfer agent MTA developed by Exim Software, running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Versions of Exim prior to 4.99.2 contained a buffer error vulnerability. This vulnerability stemmed from the utf8 operator’s...
Exim 缓冲区错误漏洞
Exim is an open-source message transfer agent MTA developed by Exim Software. It operates on Unix-based systems and is primarily responsible for routing, forwarding, and delivering emails. Prior to Exim 4.99.2, there was a buffer error vulnerability. This vulnerability stemmed from the JSON...
Open5GS 输入验证错误漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Version 2.7.3 of Open5GS contains a vulnerability related to input validation errors. This vulnerability stems from specially crafted PDU session modification requests,...
Absolute Secure Access 缓冲区错误漏洞
Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.50 contained a buffer error vulnerability, which stems from out-of-bounds readi...
CVE-2026-40686
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...