CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

CVE-2026-33721

MapServer (CVE-2026-33721) has a heap-buffer-overflow in the SLD parser triggered by a crafted SLD containing more than 100 Threshold elements in a ColorMap/Categorize structure, exploitable by an unauthenticated remote attacker via WMS GetMap with SLD_BODY. Affects versions up to 4.2 prior to 8....

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

PT-2026-28466

Name of the Vulnerable Software and Affected Versions Home Assistant versions 2020.02 through 2026.01 Description Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...

PT-2026-28511

Name of the Vulnerable Software and Affected Versions MapServer versions 4.2 through 8.6.0 Description MapServer is a system for developing web-based GIS applications. A heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser allows a remote, unauthenticated attacker to crash...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1073-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1073-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: -...

SUSE-SU-2026:1100-1 Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...

CVE-2026-26074 EVerest: OCPP201 startup event_queue lock mismatch leads to std::map/std::queue data race

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

CVE-2026-26074

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible std::map corruption. The trigger is CSMS GetLog/UpdateFirmware request network with an EVSE fault event physical. This results in TSAN reports concurrent access data race to eventqueue...

CVE-2026-26072

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26070

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...

CVE-2026-32118

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

CVE-2026-4161

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-33063

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26072

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-26072

EVerest EV charging software stack is affected. Versions prior to 2026.02.0 have a data race on concurrent access to std::mapstd::optional , potentially causing container/optional corruption during EV SoC updates with powermeter periodic updates and unplugging/SessionFinished status. The issue is...

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...