73966 matches found

RedHat Linux
added 2026/04/01 9:29 a.m., 5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00451
Exploits: 2 | References: 8

CNNVD
added 2026/04/01 12:0 a.m., 8 views

stb Buffer Error Vulnerability

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.26 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds read in the stb_truetype.h library within the TTF File Handler component, which could lead to remote attac...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00664
Exploits: 1 | References: 4

CNNVD
added 2026/04/01 12:0 a.m., 3 views

IBM Security Verify Access and IBM Verify Identity Access Container Cross-Site Scripting Vulnerability

IBM Security Verify Access (ISAM) and IBM Verify Identity Access Container are products of IBM Corporation. IBM Security Verify Access is a service that enhances user access security. IBM Verify Identity Access Container is a containerized software that provides authentication and authorization...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00092
Exploits: 0 | References: 1

CNNVD
added 2026/04/01 12:0 a.m., 7 views

Fuji Electric V-SFT Buffer Error Vulnerability

Fuji Electric V-SFT is a screen configuration software developed by Fuji Electric, a Japanese company. Versions of Fuji Electric V-SFT 6.2.10.0 and earlier contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds read in the VS6ComFile!getmacromemCOM function, whic...

CVSS: 8.4 | AI score: 7.3 | EPSS: 0.00193
Exploits: 0 | References: 2

CNNVD
added 2026/04/01 12:0 a.m., 9 views

Fuji Electric V-SFT Buffer Error Vulnerability

Fuji Electric V-SFT is a screen configuration software developed by Fuji Electric, a Japanese company. Versions of Fuji Electric V-SFT 6.2.10.0 and earlier contain a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in VS6MemInIF!settemptypedefault, which may lead to...

CVSS: 8.4 | AI score: 7.3 | EPSS: 0.00189
Exploits: 0 | References: 2

CNNVD
added 2026/04/01 12:0 a.m., 7 views

Cisco Integrated Management Controller (IMC) Buffer Error Vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco, Inc., used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00549
Exploits: 0 | References: 1

CNNVD
added 2026/04/01 12:0 a.m., 6 views

Fuji Electric V-SFT Buffer Error Vulnerability

Fuji Electric V-SFT is a screen configuration software developed by Fuji Electric, a Japanese company. Versions of Fuji Electric V-SFT 6.2.10.0 and earlier contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds reading in VS6ComFile!loadlinkinf, which could lead to...

CVSS: 8.4 | AI score: 7.3 | EPSS: 0.00189
Exploits: 0 | References: 2

Amazon
added 2026/04/01 12:0 a.m., 6 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Issue Correction: Run...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00112
Exploits: 0

Amazon
added 2026/04/01 12:0 a.m., 11 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.00112
Exploits: 0

CNNVD
added 2026/04/01 12:0 a.m., 5 views

llama.cpp Buffer Error Vulnerability

Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of llama.cpp prior to b8492 contained a buffer error vulnerability. This vulnerability stemmed from the deserialize_tensor function in the RPC backend, which skipped all boundary verifications when the buffer field of the tensor w...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.01126
Exploits: 2 | References: 3

CNNVD
added 2026/04/01 12:0 a.m., 6 views

OpenEXR Buffer Error Vulnerability

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.4.0 to 3.4.8 contained a buffer error vulnerability. This vulnerability stemmed from specially crafted B44 or B44A EXR files, which could cause...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00244
Exploits: 1 | References: 3

Github Security Blog
added 2026/03/31 11:43 p.m., 12 views

openssl-encrypt silently skips schema validation when jsonschema library is not installed

Summary In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected Code python if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...

AI score: 5.9
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/03/31 10:11 p.m., 9 views

CVE-2026-34549

iccDEV contains an Undefined Behavior in IccUtil.cpp caused by invalid left shift on icUInt32Number when processing a crafted ICC profile. Affects versions prior to 2.3.1.6; the issue is fixed in 2.3.1.6. Public references indicate the UB is reported under UndefinedBehaviorSanitizer. There is no ...

CVSS: 6.2 | AI score: 5.8 | EPSS: 0.00159
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/03/31 10:11 p.m., 6 views

EUVD-2026-17714

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift...

CVSS: 6.2 | AI score: 5.8 | EPSS: 0.00159
Exploits: 1 | References: 3

RedHat Linux
added 2026/03/31 7:50 p.m., 4 views

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer

A flaw was found in GStreamer. This vulnerability allows a remote attacker to execute arbitrary code by exploiting an out-of-bounds write in the RealMedia Demuxer component. The issue occurs due to improper validation of user-supplied data during the processing of video packets, leading to a writ...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00383
Exploits: 0 | References: 6

CVE
added 2026/03/31 3:36 p.m., 15 views

CVE-2026-34235

CVE-2026-34235 affects the PJSIP library (C) prior to version 2.17, where the VP9 RTP unpacketizer has a heap out-of-bounds read when parsing crafted VP9 SS data. The vulnerability stems from insufficient bounds checking on the payload descriptor length, causing reads beyond the RTP payload buffe...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/03/31 12:31 p.m., 6 views

EUVD-2026-17385

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00418
Exploits: 0 | References: 4

NVD
added 2026/03/31 12:16 p.m., 1 view

CVE-2026-32982

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

CVSS: 8.7 | EPSS: 0.00418
Exploits: 0 | References: 3

Cvelist
added 2026/03/31 11:17 a.m., 22 views

CVE-2026-32982 OpenClaw < 2026.3.13 - Telegram Bot Token Exposure in Media Fetch Error Logs

OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are embedded in MediaFetchError strings and leaked to lo...

CVSS: 8.7 | EPSS: 0.00418
Exploits: 0 | References: 3

CVE
added 2026/03/31 11:17 a.m., 7 views

CVE-2026-32982

OpenClaw prior to 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens. When media downloads fail, original Telegram file URLs (containing bot tokens) can be embedded in MediaFetchError strings and leaked to logs and error su...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00418
Exploits: 0 | References: 3 | Affected Software: 1