4991 matches found

Debian CVE
added 2026/01/14 12:0 a.m., 5 views

CVE-2025-56226

Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the mpegl3encode.c file...

CVSS 5.3 | AI score 5.2 | EPSS 0.00312 | Exploits 1

Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001703 advisory. An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to...

CVSS 7.8 | AI score 6.9 | EPSS 0.05128 | Exploits 16 | References 3

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 9 : cloud-init-24.4-4.el9_6.3.ML.1 (AXSA:2025-10645:08)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10645:08 advisory. cloud-init: Cloud init permissions flaw CVE-2024-6174 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 8.8 | AI score 5.5 | EPSS 0.00205 | Exploits 0 | References 2

Redos
added 2026/01/13 12:0 a.m., 4 views

ROS-20260113-7338

A vulnerability in the dcn30inithw function of the drivers/gpu/drm/amd/display/dc/dcn30/dcn30hwseq.c module of the AMD graphics card Direct Rendering Infrastructure DRI support driver of the Linux operating system kernel is related to pointer dereferencing. Exploitation of the vulnerability could...

CVSS 5.5 | AI score 6.5 | EPSS 0.00237 | Exploits 0

Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

MiracleLinux 9 : kernel-5.14.0-611.9.1.el9_7 (AXSA:2025-11506:95)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11506:95 advisory. kernel: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix client side handling of tls alerts...

CVSS 7.8 | AI score 7.5 | EPSS 0.00528 | Exploits 0 | References 23

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 8 : cloud-init-23.4-7.el8_10.10.ML.1 (AXSA:2025-10524:06)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10524:06 advisory. cloud-init: Cloud init permissions flaw CVE-2024-6174 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 8.8 | AI score 5.5 | EPSS 0.00205 | Exploits 0 | References 2

RedHat Linux
added 2026/01/12 3:55 a.m., 3 views

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

CVSS 8.1 | AI score 5.8 | EPSS 0.0144 | Exploits 0 | References 5

RedHat Linux
added 2026/01/12 2:12 a.m., 0 views

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

CVSS 8.1 | AI score 5.8 | EPSS 0.0144 | Exploits 0 | References 5

RedhatCVE
added 2026/01/10 5:40 a.m., 2 views

CVE-2026-22255

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVSS 8.8 | AI score 6.8 | EPSS 0.00365 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:57 a.m., 3 views

CVE-2022-38556

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh...

CVSS 9.8 | AI score 6.9 | EPSS 0.00921 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:57 a.m., 3 views

CVE-2022-38853

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asfinitaudiostream of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1...

CVSS 5.5 | AI score 5.4 | EPSS 0.00289 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:37 a.m., 4 views

CVE-2017-12804

The iwgifinitscreen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (memory exhaustion) via a crafted file...

CVSS 6.5 | AI score 6.3 | EPSS 0.01462 | Exploits 1 | References 1

Vulnrichment
added 2026/01/08 3:29 p.m., 3 views

CVE-2026-22255 iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVSS 8.8 | AI score 6.4 | EPSS 0.00365 | Exploits 1 | References 3

The Hacker News
added 2026/01/08 9:53 a.m., 6 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

CVSS 9.9 | AI score 7.9 | EPSS 0.0376 | Exploits 12

CNNVD
added 2026/01/08 12:0 a.m., 3 views

iccDEV Security Vulnerability

iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV prior to version 2.3.1.2, which stems from a heap buffer overflow in the CIccCLUT::Init function that could lead to memory corruption...

CVSS 8.8 | AI score 7 | EPSS 0.00365 | Exploits 1 | References 4

Tenable Nessus
added 2026/01/08 12:0 a.m., 3 views

Amazon Linux 2023 : ecs-init (ALAS2023-2025-1341)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1341 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

CVSS 7.5 | AI score 7.7 | EPSS 0.00451 | Exploits 2 | References 6

NVD
added 2026/01/07 9:16 p.m., 3 views

CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

CVSS 6.9 | EPSS 0.00174 | Exploits 1 | References 4

NVD
added 2026/01/07 12:16 p.m., 2 views

CVE-2025-13529

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

CVSS 5.3 | EPSS 0.00227 | Exploits 0 | References 3

RedhatCVE
added 2026/01/07 9:10 a.m., 3 views

CVE-2026-21677

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1...

CVSS 8.8 | AI score 6.8 | EPSS 0.00308 | Exploits 1 | References 1

Amazon
added 2026/01/07 12:0 a.m., 7 views

Medium: ecs-init

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

CVSS 7.5 | AI score 6.8 | EPSS 0.00451 | Exploits 2