90 matches found
Astra Linux - vulnerability in golang-1.19
Parsing multipart forms can consume large amounts of CPU and memory when processing form inputs containing a very large number of parts. This occurs due to several reasons: 1. The mime/multipart.Reader.ReadForm method limits the total memory that a parsed multipart form can consume. ReadForm may...
Astra Linux - vulnerability in http-parser
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
CVE-2026-35469 SpdyStream: DOS on CRI
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
PT-2026-33367
Name of the Vulnerable Software and Affected Versions: spdystream versions prior to 0.5.1. Description: The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count i...
CVE-2026-40395
A flaw was found in Varnish Enterprise. A remote attacker can exploit this vulnerability by sending a request with an excessive number of header fields. This can cause a "workspace overflow" within the vmod_headerplus module, leading to a daemon panic and crashing the Varnish Enterprise server. Th...
CVE-2025-69649
GNU Binutils through 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations, resulting in a segmentation fault (SIGSEGV) and...
PT-2026-23739
Name of the Vulnerable Software and Affected Versions: GNU Binutils versions through 2.46. Description: The software contains a flaw where a null pointer dereference can occur when processing a specially crafted ELF binary with incorrectly formatted header fields. This happens during relocation...
UBUNTU-CVE-2026-27572
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
CVE-2026-27572
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Impact: Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http crate is backed by a data structure which panics when it reaches excessive capacity and this...
wasmtime security vulnerability
Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions of Wasmtime prior to 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0 contain security vulnerabilities. These vulnerabilities stem from the wasi:http/types Fields resource implementation, where excessive header...
UBUNTU-CVE-2025-67749
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...
CVE-2025-67749
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...
CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...
PT-2025-47523
Name of the Vulnerable Software and Affected Versions: FileCodeBox versions up to 2.2. Description: A flaw exists in the IPRateLimit implementation of FileCodeBox. This allows remote attackers to circumvent ip-based rate limit protection and failed attempt restrictions by manipulating the X-Real-IP...
CVE-2025-12346
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...
EUVD-2015-6219
Malware in sbrugna...
EUVD-2006-1108
Malware in sbrugna...
EUVD-2023-25826
Malicious code in bioql PyPI...
EUVD-2023-41188
Malicious code in bioql PyPI...