CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

CLSA-2026-1776362968 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: heap read past bounds in sftpparselongname from malicious SFTP longname field - debian/patches/CVE-2026-0968.patch: validate longname pointer and longnamefield; bound string walks at NUL; fail if field not found - CVE-2026-0968...

CLSA-2026-1776361748 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: heap read past bounds in sftpparselongname from malicious SFTP longname field - debian/patches/CVE-2026-0968.patch: validate longname pointer and longnamefield; bound string walks at NUL; fail if field not found - CVE-2026-0968...

EUVD-2026-23245

A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...

SUSE-SU-2026:1413-1 Security update for ovmf

This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...

CVE-2026-5968

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

Operator Precedence Logic Error

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Operator Precedence Logic Error in the form of short-circuit evaluation that gives precedence to ADDTAGS over FORBIDTAGS in sanitizeElements. In an application where ADDTAG...

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

PT-2026-33324

A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdp pli option. The callback function str fdp pli cb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the PUT request handler in the UDR service, which failed to properly return values after request parsing or...

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17698)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the user.asp script and can be exploited by an attacker to cause a denial of service...

Google Chrome Access Control Error Vulnerability (CNVD-2026-17820)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an Access Control Error vulnerability that can be exploited by attackers to disclose cross-origin data via specially crafted HTML pages...

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17627)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability is caused due to incorrect boundary checking in the qostypeasp.asp script and can be exploited by an attacker to cause a denial of service...

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17655)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect bounds checking of parameters in the /xwglref.asp endpoint, which can be exploited by an attacker to cause a denial of service...

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1363-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1363-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

SUSE CVE-2026-40312

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19...