CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-6691

A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...

CVE-2026-35215

A flaw was found in Firebird. In the sdldesc function, a division by zero vulnerability exists due to improper validation of the length of a decoded SDL descriptor from a slice packet. An unauthenticated attacker can exploit this by sending a specially crafted slice packet, leading to a server...

CVE-2026-35029

A flaw was found in LiteLLM, an AI Gateway proxy server. An authenticated user can exploit a missing authorization check on the /config/update endpoint. This allows the user to modify proxy configurations and environment variables, leading to remote code execution by registering custom endpoint...

CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

ALPINE-CVE-2021-32675

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol RESP request, Redis allocates memory according to user-specified values which determine the number of elements in the multi-bulk header and size of each element in the bulk header. ...