8703 matches found
CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...
EUVD-2026-17531
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-24148
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data...
CVE-2026-24148
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data...
CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
CVE-2026-5087
CVE-2026-5087 affects PAGI::Middleware::Session::Store::Cookie for Perl, versions up to 0.001003. The root cause is that the store reads random bytes directly from /dev/urandom; if that device is unavailable (e.g., on Windows), it issues a warning and falls back to using the built-in rand() funct...
PT-2026-29290
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails for example, on systems without the device, such as Windows, then it...
NVIDIA Jetson for JetPack 安全漏洞
NVIDIA Jetson for JetPack is a software suite provided by NVIDIA Corporation in the United States, which offers development tools and operating environments for embedded AI computing platforms. NVIDIA Jetson for JetPack has a security vulnerability, which stems from issues with the system...
PAGI::Middleware::Session::Store::Cookie 安全漏洞
PAGI::Middleware::Session::Store::Cookie is a middleware component developed by JJNAPIORK, designed to store session data using cookies. Versions of PAGI::Middleware::Session::Store::Cookie 0.001003 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure...
SUSE-SU-2026:20962-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. bsc1257960 - CVE-2025-9820: Fixed a buffer overflow in gnutlspkcs11tokeninit. bsc1254132 - Add the functionality to allow to specify the hash algorith...
OPENSUSE-SU-2026:20446-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. bsc1257960 - CVE-2025-9820: Fixed a buffer overflow in gnutlspkcs11tokeninit. bsc1254132 - Add the functionality to allow to specify the hash algorith...
Linux Distros Unpatched Vulnerability : CVE-2026-23305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could ...
CVE-2026-27828
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...
CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...
ROS-20260327-73-0014
Vulnerability in opentelemetry-collector-contrib related to incorrect resource initialization. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
Prototype Pollution
Overview convict is a package that expands on the standard pattern of configuring node.js applications in a way that is more robust and accessible to collaborators, who may have less interest in digging through imperative code in order to inspect or modify settings. By introducing a configuration...
GHSA-HF2R-9GF9-RWCH Convict has prototype pollution via load(), loadFile(), and schema initialization
Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. config.load / config.loadFile — overlay recursively merges config data without checking for forbidden keys. Input containing proto or constructor.prototype e.g. from a JSON file causes the recursion to reach...
Convict has prototype pollution via load(), loadFile(), and schema initialization
Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. config.load / config.loadFile — overlay recursively merges config data without checking for forbidden keys. Input containing proto or constructor.prototype e.g. from a JSON file causes the recursion to reach...
CVE-2026-27828
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118chargerImpl::handlesessionsetup uses v2gctx after it has been freed when ISO15118 initialization fails e.g., no IPv6 link-local address. The EVSE process can be crashed remotely by an attacker with MQTT access who issue...