13325 matches found
CVE-2026-40997 SOAP security faults leak Spring Security account state
Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...
CVE-2026-40997
The CVE-2026-40997 issue affects Spring Web Services: versions 5.0.0–5.0.1, 4.1.0–4.1.3, 4.0.0–4.0.18, and 3.1.0–3.1.8. The vulnerability arises when several Spring WS integration paths with Spring Security reveal detailed account state (e.g., locked or disabled user semantics) to remote SOAP cli...
PT-2026-48622
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
InjectV: Modeling Fault Injection Attacks in RISC-V Simulation Environment
Fault Injection Attacks FIAs are a significant threat to hardware security, capable of compromising systems by inducing malicious faults in computation or storage. Evaluating resilience against such attacks is challenging due to the high cost, complexity, and limited availability of physical faul...
Linux Distros Unpatched Vulnerability : CVE-2026-46290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 x86/fpu: Improve crypto performance by making kernel-mode FPU reliably...
RHEL 7 : kernel (RHSA-2026:25095)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25095 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: raw: fix ro-uniq...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
SUSE CVE-2026-46290
In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
PT-2026-48158
Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A segmentation violation occurs in the gf hevc read sps bs internal function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing specially...
FreeSWITCH 安全漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and messaging-related products and applications. Prior to FreeSWITCH version 1.11.1, there were security...
CVE-2025-52293
GPAC MP4Box v2.4 contains a DoS vulnerability in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) when processing crafted HEVC SPS data. This results in a segmentation fault and possible denial of service under network conditions with no user interaction. The CVSS vector indic...
GPAC MP4Box 资源管理错误漏洞
GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a resource management...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
EulerOS 2.0 SP11 : binutils (EulerOS-SA-2026-2236)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2235)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...
CVE-2026-46290
In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...