CVE-2026-23263

CVE-2026-23263: In the Linux kernel, io_uring/zcrx had a page array leak that was not freed during sg init failure. The fix, committed as d9f595b9a65e, releases the previously leaked page array along with the leaked pages. Exploitation details are not provided in the supplied documents beyond the...

CVE-2026-23263 io_uring/zcrx: fix page array leak

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix page array leak d9f595b9a65e "iouring/zcrx: fix leaking pages on sg init fail" fixed a page leakage but didn't free the page array, release it as well...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: erlang (UTSA-2026-006244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006244 advisory. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message c...

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2026-1362)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token...

CVE-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVE-2025-14287

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVE-2025-14287

Summary: CVE-2025-14287 is a command-injection in mlflow/mlflow prior to v3.7.0. The flaw resides in mlflow/sagemaker/init .py (lines 161–167) where user-supplied container image names are directly interpolated into shell commands and executed with os.system(), enabling arbitrary command executio...

OESA-2026-1606 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

PT-2026-25547

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.7.0 Description A command injection issue exists due to the direct interpolation of user-supplied container image names into shell commands without proper sanitization. These commands are then executed using the...

Linux Distros Unpatched Vulnerability : CVE-2026-27940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to ...

CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

CVE-2026-3994

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X8664::initializesections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...

gnutls security update

An update is available for gnutls. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50145)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50145 advisory. - macvlan: fix error recovery in macvlancommonnewlink Eric Dumazet Orabug: 39057366 CVE-2026-23209 - netfilter: nftables: fix inverted genmask che...

CVE-2026-30979 iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30979

iccDEV contains a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp(), exploitable with local user interaction and causing memory corruption/crash. Affected versions are prior to 2.3.1.5; the issue is fixed in 2.3.1.5. This CVE has a high impact (confidentiality, integrity, and avail...

iccDEV 缓冲区错误漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained a buffer error vulnerability. This vulnerability stems from a heap buffer overflow in the CIccCalculatorFunc::InitSelectOp function, which could...