CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

Linux Distros Unpatched Vulnerability : CVE-2026-56412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in...

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVE-2026-3195

CVE-2026-3195 : In QEMU’s virtio-snd, the heap buffer overflow occurs in the input callback (virtio_snd_pcm_in_cb) due to an incomplete bounds/iov check. The Attackerkb entry reiterates that the function does not verify whether the iov can fit the data buffer, enabling a heap out-of-bounds write....

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

Astra Linux – Vulnerability in libzstd

Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and immediately restricted those permissions afterward. As a result, the output files could temporarily be readable or writable by...

Astra Linux – Vulnerability in libdbi-perl

A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via the Anthropic API router Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Severity: CVSS 3.1 5.3 Medium AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Target: https://github.com/vllm-project/vllm ---...

PT-2026-50491

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description An incomplete fix for a previous memory leak issue allows unauthenticated attackers to leak heap memory addresses. The system fails to properly sanitize error messages in several response paths,...

CVE-2026-49993 @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

CVE-2026-45670

Summary (CVE-2026-45670) Nuxt.js dev-server exposure issue affects @nuxt/webpack-builder and @nuxt/rspack-builder. An incomplete fix for GHSA-4gf7-ff8x-hq99 allowed source-code leakage when the dev server is bound to a non-loopback address (for example, nuxt dev --host) and a user visits a malici...

CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

CVE-2026-50632

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

EUVD-2026-36400

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

SUSE CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

PT-2026-48432

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs during the serialization of objectclass definitions. The length of the oc superior SUP field is omitted from buffer size calculations within the rea...

K000161603: Apache Tomcat vulnerability CVE-2026-32990

Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to versio...

curl: heap-use-after-free in state.referer when CURLOPT_REFERER replaced or cleared after perform

Calling curleasysetoptcurl, CURLOPTREFERER, ... to replace or clear a previously-set referer after curleasyperform frees the old string via Curlsetstropt lib/setopt.c:87 but leaves data-state.referer.ptr pointing at the freed heap region. curleasygetinfoCURLINFOREFERER and curleasyduphandle then...