3471 matches found
Astra Linux – Vulnerability in espeak-ng
It was discovered that Espeak-ng 1.52-dev contains a Floating Point Exception due to the use of the PeaksToHarmspect function in wavegen.c...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparenting the GPU clock during frequency changes The H616 manual does not indicate that the GPU PLL supports dynamic frequency configuration. Therefore, we must be extra careful when changing the frequency...
Astra Linux – Vulnerability in espeak-ng
It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...
CLSA-2026-1779130594 procps-ng: Fix of CVE-2023-4016
CVE-2023-4016: fix possible buffer overflow in ps -C option...
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...
CVE-2026-37630
A flaw was found in QuickJS-NG. An attacker can exploit an issue within the jsmappedargumentsmark function to execute arbitrary code. This vulnerability allows for unauthorized code execution, potentially leading to a complete compromise of the affected system...
EUVD-2026-29291
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...
CVE-2026-42312
pyload-ng contains a vulnerability (CVE-2026-42312) where a non-admin user with SETTINGS permission can disable TLS peer/hostname verification by setting general.ssl_verify off. The root cause is that the option is not in the ADMIN_ONLY_CORE_OPTIONS allowlist, so set_config_value() writes are all...
CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...
CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...
CVE-2026-42313
Summary of CVE-2026-42313 / pyload-ng: A non-admin user with SETTINGS permission can enable a proxy and point pyload at any attacker-controlled host, causing all outbound traffic (downloads, captcha fetch, update checks, plugin HTTP calls) to be routed through that attacker. The vulnerability ste...
CVE-2026-37630
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...
PT-2026-39832
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js mapped arguments mark function...
CVE-2026-37630
The connected sources confirm a vulnerability in QuickJS-NG v0.12.1 that allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function. Impact per metrics is CVSS v3.1 base score 7.3 (HIGH), with network attack vector, low complexity, no privileges required, and no user i...
CVE-2026-37630
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...
CVE-2026-37630
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...
PaperCut NG < 25.0.11 Path Traversal (CVE-2026-6418)
The version of PaperCut NG installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...
@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)
@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...
@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)
@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...