CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

EUVD-2026-30964

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

Updated bind packages fix security vulnerabilities

It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly CVE-2025-13878. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...

CLSA-2026-1779204531 gdk-pixbuf2: Fix of CVE-2026-5201

CVE-2026-5201: fix heap buffer overflow due to unvalidated JPEG color component count in gdkpixbufjpegimageload...

Algernon: handler.lua discovery walks parent directories above the server root

Summary When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...

OPENSUSE-SU-2026:20771-1 Security update for perl-YAML-Syck

This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - updated to 1.450.0 1.45 Bug Fixes - Fix: use syckbase64free to fix Windows "Free to wrong pool" crash in base64 encode/decode buffers; also plugs a memory leak PR 189 - Fix: clear type tag on blessed scalar...

kernel: dm: fix NULL pointer dereference in __dm_suspend()

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

kernel: dm: fix NULL pointer dereference in __dm_suspend()

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

KiTTY 安全漏洞

KiTTY is a lightweight telnet and Windows SSH client. Kitty versions 0.46.2 and earlier have a security vulnerability caused by a heap buffer overflow in loadimagedata. This vulnerability allows processes that write to the terminal stdin to trigger a crash through the APC graphical protocol...

PT-2026-41985

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A heap buffer overflow exists in the load image data function. This occurs when a process writes to the terminal's stdin using a single APC graphics protocol command with a PNG format declaration f=10...

CVE-2026-8261

A flaw was found in Squirrel. A local attacker could exploit a heap-based buffer overflow vulnerability, which occurs when a program writes more data to a memory buffer than it can hold. This flaw, specifically affecting the SQFunctionProto::Load function within squirrel/sqobject.cpp, could lead ...

CLEANSTART-2026-SW24654 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283 applied in versions: 3.2.1-r0

Multiple security vulnerabilities affect the aws-load-balancer-controller package. These issues are resolved in later releases. See references for individual vulnerability details...

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

CLSA-2026-1779095842 memcached: Fix of CVE-2021-37519

CVE-2021-37519: heap buffer overflow in authfileload when the auth file lacks a trailing newline; missing bounds check on fgets and missing NUL check in the user-entry parse loop allow local DoS via a crafted --auth-file...

CVE-2026-6495

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2026-6495

The CVE-2026-6495 entry concerns the Ajax Load More WordPress plugin and a Reflected XSS vulnerability in versions before 7.8.4 , caused by failure to sanitize/escape a parameter before output . This could affect high-privilege accounts (e.g., admins) if an attacker can induce the vulnerable para...

CVE-2026-6495 Ajax Load More < 7.8.4 - Reflected XSS

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2026-6495 Ajax Load More < 7.8.4 - Reflected XSS

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...