
8704 matches found

RedhatCVE
added 2026/04/02 9:38 p.m. | 1 view

CVE-2026-23413

A flaw was found in the Linux kernel's clsact qdisc. This use-after-free vulnerability occurs due to an asymmetry in the initialization and destruction rollback process. When a replacement clsact qdisc instance fails during initialization, the destroy callback is triggered without properly...

5.5 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/04/02 7:0 p.m. | 17 views

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded...

2.5 CVSS | 0.00014 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/02 7:0 p.m. | 1 view

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded...

2.5 CVSS | 5 AI score | 0.00014 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/02 7:0 p.m. | 4 views

CVE-2026-5420

CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...

2.5 CVSS | 5 AI score | 0.00014 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/02 11:40 a.m. | 4 views

CVE-2026-23413

The CVE-2026-23413 entry concerns the Linux kernel: a use-after-free in the clsact qdisc during init/destroy rollback caused by asymmetrical initialization between ingress and egress sides. A failed replacement during clsact_init() (e.g., via tcf_block_get_ext()) could leave both ingress and egre...

7.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/04/02 11:40 a.m. | 0 views

CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry. Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2026/04/02 9:16 a.m. | 4 views

CVE-2026-29139

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

9.8 CVSS | 0.00059 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/02 8:52 a.m. | 3 views

CVE-2026-29139

SEPPmail Secure Email Gateway (before 15.0.3) is affected. The issue arises from abuse of GINA account initialization to perform an account password reset, enabling an account takeover. The vulnerability affects the password reset/authentication flow and is documented in CVE-2026-29139 as a flaw ...

9.8 CVSS | 5.9 AI score | 0.00059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/02 8:52 a.m. | 27 views

CVE-2026-29139 GINA State Confusion Account Takeover

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

7.8 CVSS | 0.00059 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/02 8:52 a.m. | 1 view

CVE-2026-29139

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

7.8 CVSS | 5.9 AI score | 0.00059 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/02 8:52 a.m. | 1 view

CVE-2026-29139 GINA State Confusion Account Takeover

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

7.8 CVSS | 5.9 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29703

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

7.8 CVSS | 5.9 AI score | 0.00059 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-29720

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A use-after-free issue exists in the clsact qdisc during init/destroy rollback asymmetry. This occurs when a clsact instance is fully initialized, and a subsequent replacement fails. The...

5.6 AI score | 0.00017 EPSS
Exploits: 0 | References: 261
CNNVD
added 2026/04/02 12:0 a.m. | 5 views

SEPPmail Secure Email Gateway Security Vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the misuse of GINA account initialization functions to rese...

9.8 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29885

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded...

2.5 CVSS | 5 AI score | 0.00014 EPSS
Exploits: 0 | References: 6
UbuntuCve
added 2026/04/01 11:17 p.m. | 1 view

CVE-2026-5314

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made...

8.8 CVSS | 5.5 AI score | 0.00063 EPSS
Exploits: 1 | References: 5
Snyk
added 2026/04/01 10:15 p.m. | 1 view

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the stbtt_InitFont_internal function. An attacker can cause the affected component to become unavailable by supplying a specially crafted TrueType font file that triggers an out-of-bounds read. Workaround: This...

8.8 CVSS | 5.9 AI score | 0.00063 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2026/04/01 10:15 p.m. | 4 views

CVE-2026-5314

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made...

8.8 CVSS | 4.7 AI score | 0.00063 EPSS
Exploits: 1
CVE
added 2026/04/01 10:15 p.m. | 4 views

CVE-2026-5314

CVE-2026-5314 affects the Nothings stb library up to 1.26, specifically the stbtt_InitFont_internal function in stb_truetype.h (TTF File Handler). A manipulation can cause an out-of-bounds read; remote exploitation is possible and the exploit has been publicly disclosed. Multiple sources confirm the issue...

8.8 CVSS | 5.4 AI score | 0.00063 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Snyk
added 2026/04/01 9:9 p.m. | 3 views

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

8.1 CVSS | 5.9 AI score | 0.00025 EPSS
Exploits: 0 | References: 2