CVE-2026-3463 xlnt-community xlnt Compound Document binary.hpp append heap-based overflow

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...

CVE-2026-3463

CVE-2026-3463 affects xlnt-community xlnt up to 1.6.1. The vulnerability lies in xlnt::detail::binary_writer::append within source/detail/binary.hpp of the Compound Document Parser, causing a heap-based buffer overflow. Exploitation is local, and public PoCs/ exploits exist per the provided sourc...

SUSE CVE-2026-3388

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

SUSE CVE-2026-3389

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstdrexnewnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and m...

CVE-2026-0014

In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48644

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48585

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48644

CVE-2025-48644 is described across multiple sources as a DoS issue caused by improper input validation in various locations, enabling a local denial-of-service with no user interaction or additional privileges required. The linked documents consistently frame the impact as a persistent DoS affect...

CVE-2025-48587

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48585

In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-3384

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::ASTNodeImpl::eval/chaiscript::eval::FunctionPushPop of the file include/chaiscript/language/chaiscripteval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVE-2026-3394

A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloudwav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local...

CVE-2026-3393

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloudwav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be...

CVE-2026-3390

A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patchlineend of the file src/lilybuilderror.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

CVE-2026-3382

A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::BoxedNumber::getas of the file include/chaiscript/dispatchkit/boxednumber.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit...

CVE-2026-3407

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

CVE-2026-3407

CVE-2026-3407 affects YosysHQ yosys up to 0.62, specifically the function Yosys::RTLIL::Const::set in kernel/rtlil.h of the BLIF File Parser. This vulnerability enables a heap-based buffer overflow and, per the description, may be exploited locally. The exploit has been publicly disclosed. A patc...

Linux Distros Unpatched Vulnerability : CVE-2026-3282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in libvips 8.19.0. This vulnerability affects the function vipsunpremultiplybuild of the file libvips/conversion/unpremultiply.c. Executin...

Linux Distros Unpatched Vulnerability : CVE-2026-3284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libvips 8.19.0. Impacted is the function vipsextractareabuild of the file libvips/conversion/extract.c. The manipulation of the...

Linux Distros Unpatched Vulnerability : CVE-2026-3283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in libvips 8.19.0. This issue affects the function vipsextractbandbuild of the file libvips/conversion/extract.c. The manipulatio...