Lucene search

73864 matches found

CNNVD
added 2026/04/28 12:0 a.m. | 10 views

Artifex Software MuPDF Buffer Error Vulnerability

Artifex Software MuPDF is a free and lightweight PDF reader developed by Artifex Software in the United States. Versions of Artifex Software MuPDF 1.28.0 and earlier contain a buffer error vulnerability. This vulnerability stems from the fz_subset_cff_for_gids function in the CFF Index Handler...

CVSS 6.1 | AI score 6 | EPSS 0.00238
Exploits 1 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 9 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the Media component after its release, which could allow a remote attacker with access to a renderi...

CVSS 8.3 | AI score 5.9 | EPSS 0.00236
Exploits 0 | References 2
CNNVD
added 2026/04/28 12:0 a.m. | 8 views

Hanwha Vision QND-8080R Input Validation Error Vulnerability

Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a vulnerability related to input validation errors. This vulnerability arises from improper handling of data in specific requests, which may lead to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 5 views

NVIDIA FLARE SDK Input Validation Error Vulnerability

NVIDIA FLARE SDK is a federated learning application development toolkit provided by NVIDIA Corporation in the United States. The NVIDIA Flare SDK has a vulnerability related to input validation errors. This vulnerability stems from path traversal, which leads to improper input validation,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 2
CNNVD
added 2026/04/28 12:0 a.m. | 9 views

Apache Thrift Buffer Error Vulnerability

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a buffer error vulnerability, which was caused by an out-of-bounds read issue...

CVSS 8.2 | AI score 6 | EPSS 0.0058
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 10 views

Apache Thrift Buffer Error Vulnerability

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a buffer error vulnerability, which was caused by out-of-bounds read operations...

CVSS 6.5 | AI score 6 | EPSS 0.00514
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 7 views

Mozilla Firefox Buffer Error Vulnerability

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Version 150.0.0 of Mozilla Firefox contains a buffer error vulnerability, which stems from a memory security flaw. This vulnerability may lead to memory corruption, and it could potentially be...

CVSS 7.3 | AI score 6.4 | EPSS 0.00304
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 6 views

Mozilla Firefox ESR Buffer Error Vulnerability

Mozilla Firefox ESR is an extended support version of Firefox, a web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox ESR version 140.10.0 and Firefox version 150.0.0 contain a buffer error vulnerability. This vulnerability stems from a memory security flaw,...

CVSS 7.3 | AI score 6.5 | EPSS 0.00314
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 8 views

VMware Spring gRPC Security Vulnerability

VMware Spring gRPC is an extension component for Spring application development developed by VMware, which supports gRPC communication. Versions 1.0.0 to 1.0.2 of VMware Spring gRPC contain security vulnerabilities. These vulnerabilities stem from the fact that the original message of the...

CVSS 5.3 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 1
Snyk
added 2026/04/28 12:0 a.m. | 5 views

Generation of Error Message Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

CVSS 6.3 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 2
GithubExploit
added 2026/04/27 11:34 p.m. | 94 views

SQLi-Scanner-Lab

🕸️ Automated SQLi Vulnerability Scanner & Lab 📌 Project Ov...

AI score 5.7
Exploits 0
CVE
added 2026/04/27 10:30 p.m. | 12 views

CVE-2026-7183

The CVE-2026-7183 entry affects aligungr UERANSIM (up to version 3.2.7), specifically the rls_pdu.cpp DecodeRlsMessage function in the Radio Link Simulation Layer. The issue arises from manipulation of the pduLength argument, causing an uncaught exception. Exploitability is described as remote. T...

CVSS 6.9 | AI score 5.4 | EPSS 0.00405
Exploits 0 | References 6
RedHat Linux
added 2026/04/27 9:31 p.m. | 7 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1 | AI score 6 | EPSS 0.00517
Exploits 0 | References 10
RedHat Linux
added 2026/04/27 8:58 p.m. | 7 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1 | AI score 6 | EPSS 0.00517
Exploits 0 | References 10
OSV
added 2026/04/27 6:33 p.m. | 8 views

JLSEC-2026-222 Integer Overflow in openssl-src

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

CVSS 5.9 | AI score 6.3 | EPSS 0.07471
Exploits 0 | References 30
OSV
added 2026/04/27 6:33 p.m. | 15 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling the PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing a non-ASCII BMP code point can trigger a one-byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.7 | EPSS 0.00444
Exploits 1 | References 8
NVD
added 2026/04/27 6:16 p.m. | 5 views

CVE-2026-31689

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc(). When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordering is wrong...

CVSS 5.5 | EPSS 0.00115
Exploits 0 | References 6
EUVD
added 2026/04/27 5:34 p.m. | 6 views

EUVD-2026-25886

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc(). When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordering is wrong...

AI score 5.3 | EPSS 0.00115
Exploits 0 | References 6
Cvelist
added 2026/04/27 5:34 p.m. | 26 views

CVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc(). When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordering is wrong...

EPSS 0.00115
Exploits 0 | References 6
ATTACKERKB
added 2026/04/27 5:34 p.m. | 5 views

CVE-2026-31689

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc(). When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordering is wrong...

AI score 5.2 | EPSS 0.00115
Exploits 0 | References 7 | Affected Software 1