18046 matches found
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2026-11826 OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2026-45784
Summary: The rust-openssl crate contains a vulnerability in CipherCtxRef::cipher_update_inplace for AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). In versions 0.10.50–0.10.80, output buffers were incorrectly sized, causing writes up to 7 bytes past the caller’s buffer for non...
CVE-2026-44251
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a sizet integer underflow in oscrypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately...
EUVD-2026-45089
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a sizet integer underflow in oscrypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately...
CVE-2026-15449
A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...
CVE-2026-15422
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...
CVE-2026-15422 SCTP needs to better-check INIT ACK chunk parameters
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...
EUVD-2026-45014
The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...
CVE-2026-15422
CVE-2026-15422 concerns illumos SCTP where the inbound path performs association lookups for INIT ACK chunks without validating the address parameters. The vulnerability is triggered during packet classification, before SCTP integrity checks or IPsec policies, allowing a remote, unauthenticated a...
EUVD-2026-45034
A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...
CVE-2026-15449 TOCTOU double copyin in illumos dld ioctl handling causes kernel heap corruption
A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...
Alibaba Cloud Linux 3 : 0202: gstreamer1-plugins-good (ALINUX3-SA-2026:0202)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0202 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-53705: A flaw was found in GStreamer's...
JLSEC-2026-759
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field...
BIT-PILLOW-2026-59205 Pillow: Controlled heap out-of-bounds write in `ImageCmsTransform.apply()` via output mode mismatch
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.applyim, imOut API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0...
Google Chrome < 150.0.7871.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 150.0.7871.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 202607stable-channel-update-for-desktop0353146366 advisory. - Use after free in UI in Google Chrome on Linux prior to...
JLSEC-2026-703
An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...
DEBIAN-CVE-2026-15777
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-15777
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-15764
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...