CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39979)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39979 advisory. - jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5...

RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-35435

CVE-2025-35435 affects CISA Thorium. The vulnerability arises when Thorium accepts a stream split size of zero and then divides by that value, potentially causing a service crash from a remote, authenticated attacker. The fixed version is implemented in commit 89101a6. Multiple connected document...

Linux Distros Unpatched Vulnerability : CVE-2025-37974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpcicreatedevice error return The zpcicreatedevice function...

CVE-2024-41115

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVE-2024-50210 posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...

UBUNTU-CVE-2023-1032

The Linux kernel iouring IORINGOPSOCKET operation contained a double free in function syssocketfile in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067...

K43871899: binutils vulnerability CVE-2018-1000876

Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. Th...

SUSE CVE-2018-1999010

FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...

AZL-11541 CVE-2022-41907 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-36191

A heap-buffer-overflow had occurred in function gfisomdoviconfigget of isomedia/avcext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242...

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

ImageChunkMut needs bounds on its Send and Sync traits

In the affected versions of this crate, ImageChunkMut unconditionally implements Send and Sync, allowing to create data races. This can result in a memory corruption or undefined behavior when non thread-safe types are moved and referenced across thread boundaries. The flaw was corrected in commi...

libmspack: buffer overflow in function chmd_read_headers()

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

CVE-2020-24978

In NASM 2.15.04rc3, there is a double-free vulnerability in pptokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7...

CVE-2018-1000222

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

PT-2022-23250 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC mp4box version 2.1-DEV-revUNKNOWN-master Description: The issue is a use-after-free vulnerability in the function gf isom dovi config get. This vulnerability was fixed in commit fef6242. Recommendations: For GPAC mp4box version...