
339 matches found

Cvelist
added 2 days ago, 28 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse...

6.9 CVSS
Exploits: 0, References: 1
EUVD
added 2 days ago, 7 views

EUVD-2026-38183

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse...

6.9 CVSS, 5.9 AI score
Exploits: 0, References: 1
Cvelist
added 2026/06/16 6:51 p.m., 19 views

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00151 EPSS
Exploits: 0, References: 1
EUVD
added 2026/06/10 9:59 p.m., 8 views

EUVD-2026-36184

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions, which could cause crashes in other operations. This issue has been patched...

7.5 CVSS, 5.4 AI score, 0.00263 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/10 9:40 p.m., 18 views

CVE-2026-46521

CVE-2026-46521 affects ImageMagick: a heap buffer over-write in the MIFF encoder when using LZMA compression due to a missing check. Exploitation is local with low complexity and requires user interaction, potentially impacting availability. A patch is available: fixed in ImageMagick versions 6.9...

5.5 CVSS, 5.3 AI score, 0.00148 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/06/10 9:40 p.m., 6 views

CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5 CVSS, 5.3 AI score, 0.00148 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/06/02 12:0 a.m., 11 views

PT-2026-45800

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view other topics authorization. As a result, in forums where users may enter the for...

5.3 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/06/01 4:38 p.m., 9 views

CVE-2026-45155 Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

2.6 CVSS, 5.7 AI score, 0.002 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/06/01 3:20 a.m., 8 views

CVE-2026-20453

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791...

5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/28 12:0 a.m., 8 views

PT-2026-44423

Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 2.362.1. Description: An issue allows cross-organization token exchange. The GetTokenExchangeToken function in object/token oauth.go validates JWT signatures but fails to verify if the token's user belongs to the same...

5.8 AI score, 0.00378 EPSS
Exploits: 0, References: 3
NVD
added 2026/05/27 2:17 p.m., 8 views

CVE-2026-45953

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap. When llbitmap bit state is still unwritten, any new write should force rcw, as bitmap_ops->blocks_synced is checked in handle_stripe_dirtying. However, later the same check is...

5.5 CVSS, 0.00121 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/27 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a need_this_block check when the llbitmap bitmap status in the md/raid5 driver is not...

5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 3
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: hfs/hfsplus: Avoid using WARN_ON for sanity checks; instead, use proper error handling. The commit 55d1cbbbb29e “hfs/hfsplus: Use WARN_ON for sanity checks” fixed a build warning by converting a comment into a WARN_ON call...

5.6 AI score, 0.00184 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/18 8:37 p.m., 1 views

GHSA-7GG8-QQX7-92G5 ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Due to a missing check in the MIFF decoder a crafted file could cause an infinite loop resulting in CPU exhaustion...

7.5 CVSS, 5.8 AI score, 0.01381 EPSS
Exploits: 2, References: 3
Github Security Blog
added 2026/05/18 8:37 p.m., 11 views

ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Due to a missing check in the MIFF decoder a crafted file could cause an infinite loop resulting in CPU exhaustion...

7.5 CVSS, 5.8 AI score, 0.01381 EPSS
Exploits: 2, References: 3, Affected Software: 18
Positive Technologies
added 2026/05/18 12:0 a.m., 9 views

PT-2026-41802

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An out-of-bounds write can occur when using LZMA compression in the MIFF encoder due to a missing check. An out-of-bounds write is a memory corruption issue wher...

7.5 CVSS, 5.8 AI score, 0.01381 EPSS
Exploits: 2, References: 39
Vulnrichment
added 2026/05/09 12:43 a.m., 6 views

CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console, which itself requires authorization, could run this command. It would have been correct to allow only users listed in the admin_users...

4.3 CVSS, 5.8 AI score, 0.00287 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/05 7:12 p.m., 18 views

CVE-2026-33420

Vaultwarden (Rust) versions 1.35.4 and earlier are affected by a missing has_full_access() authorization check on GET /api/organizations/{org_id}/collections/details, allowing any Manager-role user with accessAll=False and no collection assignments to enumerate all collections’ names, UUIDs, user...

5.3 CVSS, 5.8 AI score, 0.0017 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/29 1:31 p.m., 2 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

5.2 AI score, 0.00184 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/22 9:37 a.m., 25 views

CVE-2026-33601 Insufficient validation of zonemd record

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that results in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

4.4 CVSS, 0.00512 EPSS
Exploits: 0, References: 1