125 matches found
CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which arises from triggering invariant...
GHSA-Q3FM-4WCW-G57X vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter
Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...
vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter
Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...
PT-2026-47577
Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...
RUSTSEC-2026-0116 Improper check of an invariant resulting in incorrect bounds checks
A bounds verification of a slice storage of a 2-dimensional matrix's coefficients a kernel would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...
CVE-2026-34066
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...
CVE-2026-34066 nimiq-blockchain: Peer-triggerable panic during history sync
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...
EUVD-2026-25064
nimiq-blockchain: Peer-triggerable panic during history sync...
CVE-2026-40583 UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583 UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred...
CVE-2026-40583
UltraDAG (Rust, version 0.1) has a vulnerability where a non-council attacker can submit a signed SmartOp::Vote, passing signature/nonce/balance prechecks, but authorization fails only after state mutation has occurred. This leads to a fatal supply invariant halt per CVE-2026-40583. The issue is ...
GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...
Poseidon V1 variable-length input collision via implicit zero-padding
Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...
CVE-2026-29795
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...
CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...
PT-2026-23612
Name of the Vulnerable Software and Affected Versions stellar-xdr versions prior to 25.0.1 Description The StringM::from str function does not properly validate the length of input strings. When calling StringM::::from strs with a string s exceeding the maximum allowed length N, the function...
libpng: LIBPNG buffer overflow
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALPHA enabled. The palette compositing code in pnginitreadtransformations incorrectly applies background compositing during...
libpng: LIBPNG buffer overflow
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALPHA enabled. The palette compositing code in pnginitreadtransformations incorrectly applies background compositing during...
libpng: LIBPNG buffer overflow
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALPHA enabled. The palette compositing code in pnginitreadtransformations incorrectly applies background compositing during...