717 matches found

SUSE CVE
added 2026/06/16 2:20 a.m. | 8 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then...

7.5 CVSS | 5.5 AI score | 0.00426 EPSS
Exploits 0 | References 3
CVE
added 2026/06/12 2:0 p.m. | 69 views

CVE-2026-44893

Netty CVE-2026-44893 affects netty-codec-haproxy prior to 4.1.135.Final and 4.2.15.Final. During PP2_TYPE_SSL TLV decoding, HAProxyMessage.readNextTLV() retains a slice before reading the client (1 byte) and verify (4 bytes). If TLV length

7.5 CVSS | 5.4 AI score | 0.00426 EPSS
Exploits 0 | References 3 | Affected Software 1
RedHat Linux
added 2026/06/10 5:38 p.m. | 4 views

keycloak: Keycloak: Denial of Service via malformed Authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

5.3 CVSS | 5.5 AI score | 0.00389 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/06/05 7:24 p.m. | 4 views

CVE-2026-44222

vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

7.5 CVSS | 5.5 AI score | 0.00414 EPSS
Exploits 1 | References 1
Cvelist
added 2026/06/01 10:5 p.m. | 31 views

CVE-2026-25276 Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check...

8.8 CVSS | 0.00075 EPSS
Exploits 0 | References 1
Cvelist
added 2026/05/29 6:36 p.m. | 32 views

CVE-2026-42500 Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

0.00384 EPSS
Exploits 0 | References 4
NVD
added 2026/05/28 6:16 a.m. | 13 views

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

5.3 CVSS | 0.00389 EPSS
Exploits 0 | References 4
NVD
added 2026/05/12 8:16 p.m. | 5 views

CVE-2026-44222

vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

7.5 CVSS | 0.00414 EPSS
Exploits 1 | References 2
CVE
added 2026/05/12 7:57 p.m. | 23 views

CVE-2026-44222

CVE-2026-44222 (vLLM) affects vLLM versions 0.6.1 through 0.19.x where a token-injection vulnerability in multimodal processing allows unauthenticated text prompts containing special tokens to be interpreted as control. When image/video placeholder sequences are provided without corresponding dat...

7.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/05/12 7:57 p.m. | 33 views

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

6.5 CVSS | 0.00414 EPSS
Exploits 1 | References 2
CNNVD
added 2026/05/12 12:0 a.m. | 5 views

vLLM Input Validation Error Vulnerability

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...

7.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 1 | References 1
SUSE CVE
added 2026/05/06 1:42 a.m. | 7 views

SUSE CVE-2026-31777

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping. The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from the function...

5.8 AI score | 0.00107 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 9 views

PT-2026-37318

Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.1 through 0.19.x Description A Token Injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 1 | References 6
NVD
added 2026/05/01 3:16 p.m. | 4 views

CVE-2026-31777

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping. The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from the function...

5.5 CVSS | 0.00107 EPSS
Exploits 0 | References 2
CVE
added 2026/05/01 2:15 p.m. | 11 views

CVE-2026-31777

The CVE-2026-31777 entry concerns the Linux kernel ALSA ctxfi driver. The root cause is the driver’s missing validation of the return value from daio_device_index(), leading to incorrect assumptions and potential system instability. Documents indicate this has been resolved via patches. Remediati...

5.5 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/05/01 2:15 p.m. | 7 views

EUVD-2026-26590

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping. The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from the function...

5.8 AI score | 0.00107 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/05/01 12:0 a.m. | 7 views

PT-2026-36412

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A missing error check in the ALSA ctxfi driver occurs because the driver assumes the daio device index function always returns a proper value. This lack of validation can lead to stabili...

9.8 CVSS | 5.8 AI score | 0.00422 EPSS
Exploits 0 | References 73
NVD
added 2026/04/23 7:17 p.m. | 3 views

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7 CVSS | 0.00293 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2026/04/07 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt CVE-2026-33817 Note that Nessus relies on the presence of the package ...

6 AI score | 0.00012 EPSS
Exploits 0 | References 2
OSV
added 2026/04/06 5:49 p.m. | 2 views

GO-2026-4923 WITHDRAWN: out-of-range-index in go.etcd.io/bbolt

This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive". Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt...

5.8 AI score | 0.00012 EPSS
Exploits 0 | References 2