87 matches found
CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...
CVE-2026-46263
CVE-2026-46263 is a Linux kernel issue in drm/amd/display where eng_id may index stream_enc_regs beyond its 5-element size, causing out-of-bounds access. The fix adds an explicit bounds check (using ARRAY_SIZE) before indexing stream_enc_regs[eng_id], preventing access when eng_id is ENGINE_ID_DI...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the engid field in the drm/amd/display module. This field may have negative values or values...
SUSE CVE-2026-45878
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper functions were using a signed int and checked bits by shifting with watchid...
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed negative period/buffer sizes The calculation of the period size in the OSS layer may generate a negative value as an error. However, the code there assumes only positive values and handles them using sizet. ...
CVE-2026-43405
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...
CVE-2026-43405 libceph: Use u32 for non-negative values in ceph_monmap_decode()
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...
EUVD-2026-17901
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
PT-2026-28415
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
PT-2026-25979
Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...
Oneflow security vulnerabilities
OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a dimension validation flaw in the flow.empty component, which may allow denial-of-service attacks through negative values or excessive...
CVE-2026-24783
soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the mulDivx, y, z function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002263)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002263 advisory. The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause ...
CVE-2018-18206
In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash...
curl: Stack Buffer Overflow in mprintf.c formatting function (fallback path)
Summary A stack-based buffer overflow exists in mprintf.c within the outdouble function. This vulnerability affects builds where HAVESNPRINTF is undefined, forcing the use of the legacy sprintf function. The logic responsible for calculating the maximum safe precision maxprec for floating-point...