EUVD-2026-35902

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

GHSA-XVFQ-4Q6Q-GXX7 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

EUVD-2026-35853

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

EUVD-2026-35852

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

EUVD-2026-35883

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVE-2026-41726

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

CVE-2026-41721

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

PT-2026-48377

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5243 Description A buffer overflow occurs, which is a condition where a program writes more data to a block of memory than it is allocated to hold. Remote attackers can exploit this issue to modify memory...

PT-2026-48573

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-25 Description A memory leak occurs when invalid options are provided to the wand option parser. A memory leak is a failure in a program to release discarded memory, causing performance degradation or...

PT-2026-48560

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash denial of service...

PT-2026-48530

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the protocol parser. A malicious broker or machine-in-the-middle attacker can exhaust memory or hang connections by sending a crafted 4-byte frame length valu...

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

PT-2026-48527

Name of the Vulnerable Software and Affected Versions CometD versions 5.0.x CometD versions 6.0.x CometD versions 8.0.x Description Improper handling of the acknowledgement extension allows malicious clients to cause a server outage. By consistently sending a fixed batch value in the ext paramete...

PT-2026-48603

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobile bundle.go:40 use the manager for one Sig...

EulerOS 2.0 SP13 : mesa (EulerOS-SA-2026-2301)

According to the versions of the mesa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an...

CentOS 9 : libsolv-0.7.24-6.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libsolv-0.7.24-6.el9 build changelog. - A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker- controlled compressed data within .solv files...

RHEL 7 : firefox (RHSA-2026:24983)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24983 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-34183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A...