CVE-2022-38083

Improper initialization in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...

CVE-2023-45679

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

CVE-2021-31435

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVE-2022-26083

Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...

Apple多款产品 安全漏洞

Apple Safari and others are products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. A security...

SUSE-SU-2026:20064-1 Security update for libpcap

This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in pcapetheraton can lead to out-of-bounds read and write bsc1255765. - CVE-2024-8006: missing return value check in pcapfindalldevsex can lead to NULL pointer dereference...

CVE-2026-22255 iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

EUVD-2026-1671

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CLSA-2026-1767867153 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-40186 - can:...

PT-2026-2185

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 contain a heap-buffer-overflow issue in the...

CVE-2026-22188

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation. Supplying a larg...

CVE-2026-22188

Panda3D up to version 1.10.16 is affected by a DoS due to unbounded stack allocation in the deploy-stub. The deploy-stub allocates argv_copy and argv_copy2 with alloca() based on attacker-controlled argc without validation, which can exhaust stack space and crash the process during Python interpr...

CVE-2019-7886

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

CVE-2019-16141

An issue was discovered in the oncecell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...

CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter

The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000508 advisory. An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data,...

WordPress plugin Unify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000520)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000520 advisory. drivers/gpu/drm/radeon/radeondisplay.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference. NOTE: A...

CVE-2026-21677

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1...