177 matches found
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
PT-2026-41714
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len...
EUVD-2026-27127
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
Astra Linux - vulnerability in sqlite3
There is a vulnerability in SQLite versions before 3.50.2, where the number of aggregate terms can exceed the number of available columns. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or higher...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access. If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports array)...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: Thermal: Fix for out-of-bounds memory accesses. Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan cat...
RUSTSEC-2026-0132 Potential out-of-bounds write via public `Context` fields
The `Context` struct has all fields public (`pub dlen`, `pub digest`, etc.). Code from other modules within the same crate can directly modify `dlen` to a value exceeding the digest vector length. When `reset` is subsequently called, `self.digest[self.dlen as usize] = 0` becomes an out-of-bounds write. Withdrawa...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
Progress Telerik UI for AJAX resource management error vulnerability
Progress Telerik UI for AJAX is a set of Web interface components developed by the American company Progress. Versions of Progress Telerik UI for AJAX prior to 2026.1.421 contained a resource management vulnerability. This vulnerability stemmed from RadAsyncUpload’s lack of a mandatory measure to...
PT-2026-34357
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ext4 filesystem where the system fails to convert files from inline data storage to extent-based storage when a truncate operation increases the file size beyond t...
CVE-2026-3298
The method "sock_recvfrom_into" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when using the nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010913)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010913 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: fix memory corruption in ioctl. If s_mem.bytes is larger than the buffer size it...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the disasm function. An attacker can cause a stack-based buffer overflow by providing input that causes slen to exceed the buffer capacity, resulting in an out-of-bounds write when formatting disassembly...
DEBIAN-CVE-2026-39855
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc). When page hash processing is performed on a PE file, the function...
CVE-2026-30574
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity txtqty exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is...
RUSTSEC-2026-0074 Incorrect Output of Incremental Portable SHAKE API
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the -extract process when the specified dimensions exceed those set by -size. An attacker can access sensitive information by submitting specially crafted image files that trigger out-of-bounds memory reads...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Heap-based Buffer Overflow
Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...