3110 matches found
CVE-2026-25714
Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...
CVE-2026-14544
CVE-2026-14544 concerns HPLIP (HP Linux Imaging and Printing Software) with an integer overflow in the hpcups processing path when handling specially crafted print data. This is described as an incomplete fix for CVE-2026-8631. The vulnerability may allow a remote attacker to escalate privileges ...
CVE-2026-14544
A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...
CVE-2026-51947
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...
CVE-2026-12480
CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...
CVE-2026-51947
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...
PYSEC-2026-304 Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
DEBIAN-CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
GO-2026-5337 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation CVE-2026-22039 Incomplete Fix in github.com/kyverno/kyverno...
CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...
Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
Summary The Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE 2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: whenever corsorigins contains more than one entry. An operator who configur...
CVE-2026-12799
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
Linux Distros Unpatched Vulnerability : CVE-2026-56412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in...
CVE-2026-3195
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
CVE-2026-3195
CVE-2026-3195 : In QEMU’s virtio-snd, the heap buffer overflow occurs in the input callback (virtio_snd_pcm_in_cb) due to an incomplete bounds/iov check. The Attackerkb entry reiterates that the function does not verify whether the iov can fit the data buffer, enabling a heap out-of-bounds write....
CVE-2026-3195
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...
Astra Linux – Vulnerability in Tomcat9
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, or 7.0.0 to 7.0.107, the Tomcat instance was still vulnerable to CVE-2020-9494, even when using a configuration edge case that was highly unlikely to be used. It should be...
Astra Linux – Vulnerability in python-git
GitPython before version 3.1.32 does not prevent the use of insecure non-multi options in clone and clonefrom commands. NOTE: This issue exists due to an incomplete fix for CVE-2022-24439...
MGASA-2026-0222 Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities
CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...