407 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
EUVD-2026-34991
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
CVE-2026-28578
In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-31960
HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
PT-2026-46984
Name of the Vulnerable Software and Affected Versions TP-Link Tapo C520WS v2 Description A denial-of-service issue exists in the RTSP server component due to improper handling of syntactically invalid input. An attacker can send crafted inputs to trigger a processing error, causing the RTSP servi...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
EUVD-2026-33846
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089 Improper Validation of Syntactic Correctness of Input in Kernel
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
CVE-2026-24089 describes memory corruption that occurs when processing fastboot commands with invalid input. The NVD entry lists a CVSS v3.1 base score of 7.2 (HIGH) with physical attack vector, low attack complexity, no user interaction, requiring high privileges, and a changed scope. The impact...
PT-2026-45644
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-9521 fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input
A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/stdsmartptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: The BUGON issue has been prevented by validating the rounded allocation size. When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two using rounduppowoftwo. Similarly, for...
Astra Linux - уязвимость в c-ares
A flaw was discovered in the c-ares package. The aressetsortlist function lacks checks for the validity of the input string, which could lead to a stack overflow vulnerability with an arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and...