GHSA-97WC-2HQC-CJGR smallbitvec: Integer overflow in safe API leads to heap buffer overflow

Summary An integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring unsafe code from the caller. Details The issue originates from...

smallbitvec: Integer overflow in safe API leads to heap buffer overflow

Summary An integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring unsafe code from the caller. Details The issue originates from...

Pillow 输入验证错误漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow prior to 12.2.0 contained a vulnerability related to input validation errors. This vulnerability could lead to integer overflow when the advancement of each character in the font was too large...

PT-2026-39309

Name of the Vulnerable Software and Affected Versions smallbitvec affected versions not specified Description An integer overflow occurs during the internal capacity calculation within the buffer lencap function. When the cap variable is close to usize::MAX, unchecked arithmetic causes the value ...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017356)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017356 advisory. buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Unity...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017358)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017358 advisory. defineAttribute in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Uni...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017361)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017361 advisory. nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017359 advisory. addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Unity...

Unity Linux 20.1060e / 20.1070e Security Update: expat (UTSA-2026-017357)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017357 advisory. lookup in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. Tenable has extracted the preceding description block directly from the Unity Linux...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-017375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017375 advisory. Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function. Tenable has extracted the preceding description block directly from the Unity Linux...

Linux Distros Unpatched Vulnerability : CVE-2026-6664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote...

CVE-2026-7973

An integer overflow flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497565944...

CVE-2026-7969

An integer overflow flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497450574...

CVE-2026-7942

An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495363705...

CVE-2026-7912

An integer overflow flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497639714...

CVE-2026-7903

An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491760376...

CVE-2026-7896

An integer overflow flaw was found in the Blink component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493747582...

CVE-2026-42199

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked...

CVE-2026-42199 Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked...

CLSA-2026-1778260679 vim: Fix of 7 CVEs

CVE-2021-3875: fix mlget error after search with range; clamp ea-line2 to the buffer length in getaddress so out-of-range addresses do not produce an out-of-bounds read exdocmd.c, upstream patch 8.2.3489 - CVE-2022-4293: fix crash when dividing the largest negative integer by -1 in numdivide;...