3 matches found
CVE-2026-56109
The CVE concerns ALSA Library prior to 1.2.16.1, where a double-free occurs in parse_def() (src/conf.c) due to not validating return values when parsing nested compound or array configuration blocks. This can cause snd_config_delete() to be invoked twice on an already-freed node, leading to NULL-...
PT-2026-51365
Name of the Vulnerable Software and Affected Versions ALSA library versions prior to 1.2.16.1 Description A double-free issue exists in the parse def function within src/conf.c. This occurs when the system parses nested compound or array configuration blocks and fails to check return values befor...
Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix
Patch Bypass Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2 Summary The Object.createnull fix introduced in Axios 1.15.2 GHSA-q8qp-cvcw-x6jj protects the top-level config object from prototype pollution. However, nested objects created...