73635 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch...
Linux Distros Unpatched Vulnerability : CVE-2026-45950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if...
Linux Distros Unpatched Vulnerability : CVE-2026-46211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the use...
DEBIAN-CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
UBUNTU-CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42507
CVE-2026-42507 affects the Go net/textproto package. The root issue is that error returns include user-controlled input as part of the error string, which could allow an attacker to inject misleading content into errors that are printed or logged. The connected sources confirm this behavior acros...
CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
Improper Output Neutralization for Logs
Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...
GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...
CVE-2026-45679
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...
CVE-2025-66593
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
JDWPEx
JDWP Remote Code Execution Exploit A Python 3 implement...
EUVD-2026-33813
In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-33807
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-33799
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...