16572 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-71266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ATTRLIST attribute of zero size, potentially triggering an infinite loop and leading to a...
GO-2026-4526 Infinite loop in github.com/antchfx/xpath
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop due to the logicalQuery.Select process. An attacker can cause excessive CPU consumption and denial of service by submitting specially crafted Boolean XPath expressions that always evaluate to true, such as "1=1" or "true"...
music-metadata has an infinite loop vulnerability in ASF parser
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...
GHSA-V6C2-XWV6-8XF7 music-metadata has an infinite loop vulnerability in ASF parser
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...
Infinite loop
Overview music-metadata is a Music metadata parser for Node.js, supporting virtual any audio and tag format. Affected versions of this package are vulnerable to Infinite loop through the parseExtensionObject process in the ASF parser when handling a sub-object with objectSize = 0. An attacker can...
CVE-2026-25771
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...
CLSA-2026-1773768935 Fix CVE(s): CVE-2026-25968, CVE-2026-25986, CVE-2026-25987
SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser - debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer with heap-allocated string and add length check - CVE-2026-25968 SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing -...
SUSE-SU-2026:0906-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...
EUVD-2026-12566
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
GHSA-8X34-9Q3V-H7G8 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
PYSEC-2026-17
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-30911
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-30911 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-30911
CVE-2026-30911 affects Apache Airflow versions 3.1.0–3.1.7, where the Execution API’s Human-in-the-Loop (HITL) endpoints lack proper authorization. This allows any authenticated task instance to read, approve, or reject HITL workflows belonging to other task instances. Root cause: missing access ...
CVE-2026-30911
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...