OESA-2026-1835 nodejs-brace-expansion security update

Brace expansion as known from sh/bash Security Fixes: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run...

Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion

Large language models remain vulnerable to jailbreak attacks -- inputs designed to bypass safety mechanisms and elicit harmful responses -- despite advances in alignment and instruction tuning. We propose Head-Masked Nullspace Steering HMNS, a circuit-level intervention that i identifies attentio...

PT-2026-36059

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description The OpenFlow v5 protocol dissector contains a flaw that can lead to infinite loops, resulting in a denial of service. Recommendations Update Wireshark...

PT-2026-36058

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description An infinite loop in the OpenFlow v6 protocol dissector can lead to a denial of service. Recommendations Update Wireshark versions 4.6.0 through 4.6.4 to...

CVE-2026-35599

Summary: CVE-2026-35599 affects Vikunja prior to version 2.3.0, where addRepeatIntervalToTime uses an O(n) loop to advance a date by RepeatAfter until it passes now. When a repeating task uses a 1-second interval and an old due_date, this can trigger billions of iterations, causing high CPU usage...

GHSA-R4FG-73RC-HHH7 Vikunja has Algorithmic Complexity DoS in Repeating Task Handler

Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...

Fedora: Security Advisory (FEDORA-2026-840b40ef4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-5392

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

CVE-2026-5392

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

OPENSUSE-SU-2026:20487-1 Security update for zlib

This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...

SUSE-SU-2026:21013-1 Security update for zlib

This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...

SUSE-SU-2026:21151-1 Security update for zlib

This update for zlib fixes the following issues: - CVE-2026-27171: Fixed an infinite loop via the crc32combine64 and crc32combinegen64 functions due to missing checks for negative lengths. bsc1258392 - CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in...

CVE-2026-39934

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

EUVD-2026-20763

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

DEBIAN-CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

UBUNTU-CVE-2026-40026

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...