1876 matches found
OESA-2026-1946 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a...
Vikunja has File Size Limit Bypass via Vikunja Import
Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
GHSA-QH78-RVG3-CV54 Vikunja has File Size Limit Bypass via Vikunja Import
Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
CLSA-2026-1775809438 nbdkit: Fix of CVE-2025-47711
CVE-2025-47711: fix off-by-one for maximum blockstatus length...
PT-2026-31953
Summary The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
PT-2026-31720
Name of the Vulnerable Software and Affected Versions wolfcrypt affected versions not specified Description Two potential heap out-of-bounds write locations existed in the DecodeObjectId function within wolfcrypt/src/asn.c. The first issue arises because a bounds check validates only one availabl...
CVE-2026-3600
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-3600
The CVE concerns the WordPress plugin Investi . It is vulnerable to Stored Cross-Site Scripting via the shortcode attribute maximum-num-years in the investi-announcements-accordion shortcode, affecting versions up to and including 1.0.26 . The root cause is insufficient input sanitization and out...
CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
CVE-2026-3600 Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' shortcode's 'maximum-num-years' attribute in all versions up to, and including, 1.0.26. This is due to insufficient input sanitization and output escaping on user-supplied...
PT-2026-31076
Name of the Vulnerable Software and Affected Versions Investi plugin for WordPress versions up to and including 1.0.26 Description The Investi plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'maximum-num-years' attribute of the 'investi-announcements-accordion'...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006710)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006710 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...
WordPress Investi plugin <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Investi versions = 1.0.26...
rdiscount has an Out-of-bounds Read
Summary A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process Details In both...
GHSA-6R34-94WQ-JHRC rdiscount has an Out-of-bounds Read
Summary A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process Details In both...
Beamforming Feedback As a Novel Attack Surface for Wi-Fi Physical-Layer Security
With the rapid evolution of wireless technologies, Wi-Fi has expanded beyond its original role in data transmission to support various emerging applications, particularly in physical-layer security, including device authentication, user authentication, and secret key generation. Despite extensive...
GHSA-CQFX-GF56-8X59 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...
PT-2026-29606
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Prior to version 3.13.4, AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, read the entire multipart form field into memory before checking the client max size limit. Thi...
CVE-2026-3945
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...