CVE-2026-8484

The CVE-2026-8484 entry describes a heap buffer overflow in the Jansi JNI"ioctl()" wrapper caused by missing size verification of the argument array before the system call. Affected software is Jansi (JNI wrapper) and, per sources, all versions are believed vulnerable. Consequences stated are hea...

CVE-2026-10725 Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

CVE-2026-49140

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

CVE-2026-49140 Nanobot < 0.2.1 Denial of Service via Matrix Media Download Handler

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

CVE-2026-49140 Nanobot < 0.2.1 Denial of Service via Matrix Media Download Handler

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

EUVD-2026-33760

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurre...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of size checking in the commandfilewrite function of ibmasm, potentially leading to...

CVE-2025-47404 Buffer Copy Without Checking Size of Input in Automotive Audio

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified...

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

CVE-2025-70252

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability...

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version Tenda W20E V4.0brV15.11.0.6 contains a security vulnerability. This vulnerability arises from the lack of size validation before connecting to gstup and gstdwn, which may lead to a buffer overflow...

Tenda AC6 安全漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The Tenda AC6V2.0 V15.03.06.23multi version has a security vulnerability. This vulnerability stems from the lack of size checking in the/goform/WifiWpsStart component, which may lead to a stack overflow issue...

PT-2026-21326

Name of the Vulnerable Software and Affected Versions SAIL affected versions not specified Description SAIL is a cross-platform library used for loading and saving images, supporting animation, metadata, and ICC profiles. The software contains a flaw due to the XWD parser's handling of the bytes...

CVE-2018-21065

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 August 2018...

CVE-2021-0878

In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50282)

drm/amdgpu: add missing size check in amdgpudebugfsgprwaveread Avoid a possible buffer overflow if size is larger than 4K. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...

EUVD-2025-34216

APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution...

EUVD-2019-2375

Malware in sbrugna...

CVE-2024-58259 Rancher affected by unauthenticated Denial of Service

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...

The vulnerability of the sub_3C8EC function in the microprogramming software of the dual-band Wi-Fi amplifier Netgear EX6200 allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sub3C8EC function in the microprogramming software of the dual-band Wi-Fi amplifier Netgear EX6200 is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to influence the confidentiality,...