9 matches found
PT-2026-40058
The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides a single model file path (e.g., .pt or .pth) via the --model command-line...
stb security vulnerability
STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 2.30 contained security vulnerabilities, which stemmed from incorrect operations in the stbi__gif_load_next function in the stb_image.h file, potentially leading to heap buffer overflows...
CVE-2026-3950
CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...
MiracleLinux 4 : bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4 (AXSA:2012-575:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-575:02 advisory. This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP serve...
Linux Distros Unpatched Vulnerability : CVE-2017-16794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attacker...
SUSE CVE-2017-16796
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...
UBUNTU-CVE-2021-37789
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service...
PYSEC-2021-87
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...
qemu: virtio: out-of-bounds buffer write on invalid state load
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write...