CVE-2026-32875

A flaw was found in UltraJSON, a fast JSON encoder and decoder. This vulnerability allows a remote attacker to cause a denial of service DoS by providing a specially crafted large positive or negative indent value to the JSON serialization functions. This can lead to a buffer overflow, causing th...

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

EUVD-2026-13139

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the remotewrite HTTP handler not enabled by default. An attacker can cause excessive memory allocation by sending specially crafted HTTP requests, potentially leading to service disruption...

GHSA-5VRW-QJXW-89R5 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the remotewrite HTTP handler not enabled by default. An attacker can cause excessive memory allocation by sending specially crafted HTTP requests, potentially leading to service disruption...

CVE-2026-26931

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

CVE-2026-26940

The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...

CVE-2026-26931

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

CVE-2026-26931

CVE-2026-26931 affects Metricbeat’s Prometheus remote_write HTTP handler. The issue is a memory allocation with an excessive size value, leading to Denial of Service. Public references (OSV/GHSA/Nessus) describe Metricbeat (8.0.x–8.19.12/9.0.x–9.2.4 ranges) as affected and indicate remediation by...

Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130. Affected Versions: 8.x: All versions...

EUVD-2026-13099

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVE-2026-4426

CVE-2026-4426 concerns libarchive’s zisofs decompression logic where an ISO9660 Rock Ridge extension field pz_log2_bs is not properly validated. This Undefined Behavior can lead to incorrect memory allocation and a denial-of-service via crafted ISO files, with remote attack vector and user intera...

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

nvme: fix memory allocation in nvme_pr_read_keys()

...

USN-8103-2: Exiv2 regression

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...