NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...

Linux Distros Unpatched Vulnerability : CVE-2026-46289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/scatterlist: fix length calculations in extractkvectosg Patch series Fix bugs in extractitertosg, v3. Fix bugs in the kvec and user variants of...

CVE-2026-7183

The CVE-2026-7183 entry affects aligungr UERANSIM (up to version 3.2.7), specifically the rls_pdu.cpp DecodeRlsMessage function in the Radio Link Simulation Layer. The issue arises from manipulation of the pduLength argument, causing an uncaught exception. Exploitability is described as remote. T...

CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

CVE-2026-31623

The CVE-2026-31623 issue affects the Linux kernel net: usb: cdc-phonet driver. A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-page bulk transfers in rx_complete(). The consequence described is a ...

EUVD-2026-25516

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags overflow in rxcomplete A malicious USB device claiming to be a CDC Phonet modem can overflow the skbsharedinfo-frags array by sending an unbounded sequence of full-page bulk transfers. Drop the...

PT-2026-34975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A malicious USB device claiming to be a CDC Phonet modem can cause an overflow of the skb shared info-frags array in the rx complete function by sending an unbounded sequence of full-pag...

PT-2026-34968

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the USB gadget Phonet function where a USB host can cause an overflow of the skb shared info-frags array. This occurs when the host sends an unbounded sequence of...

EUVD-2026-24618

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

UBUNTU-CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

PT-2026-32048

Name of the Vulnerable Software and Affected Versions Net::CIDR::Lite versions prior to 0.23 Description The Net::CIDR::Lite Perl module before version 0.23 does not properly validate the IPv6 group count, potentially allowing a bypass of IP Access Control Lists ACLs. Recommendations Update to...

GHSA-2C6H-4899-WJXR scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

libcrux Panics During Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

SUSE CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005496 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcpcsend. syzbot reported the splat below. 0 vccsendms...

kernel: Linux kernel: be2net buffer overflow in be_get_module_eeprom

A flaw was found in the Linux kernel's be2net driver. This vulnerability allows a buffer overflow via incorrect buffer length handling in becmdreadporttransceiverdata...

RUSTSEC-2026-0080 Multiple soundness issues in `scaly` safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...