Labcenter Electronics Proteus 缓冲区错误漏洞

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...

SUSE SLES15 Security Update : kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1237-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1237-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues The following security issues were fixed: ...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

UBUNTU-CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

EUVD-2026-21506

Step CA affected by an index out of bounds panic in TPM attestation EKU validation...

GHSA-XQ4J-G85Q-WF97 REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of a backend user's session by...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the type parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of the backend session by crafting a...

SUSE-SU-2026:1261-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoke...

CVE-2025-50659

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the customerror parameter in the /user.asp endpoint...

GHSA-3F6H-2HRP-W5WX @sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input...

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input...

Updated openssl packages fix security vulnerabilities

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...

CVE-2026-40074

CVE-2026-40074 affects SvelteKit. The issue is an unhandled TypeError in redirect() when called from the handle hook with a location containing characters invalid in HTTP headers, leading to potential DoS. Vulnerable in all versions before 2.57.1; fixed in 2.57.1. Remediation: upgrade to 2.57.1 o...

CVE-2026-40074 SvelteKit's invalidated redirect in handle hook causes Denial-of-Service

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVE-2026-40074

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...