54 matches found
SQL Injection
Overview: agno is Agno, a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...
CVE-2026-46046
A flaw was found in the Linux kernel's ext4 filesystem. A reference count (refcount) leak occurs in the ext4_xattr_inode_dec_ref_all function. This issue arises because the iloc.bh buffer head, acquired by ext4_get_inode_loc, is not properly released with brelse. This can lead to resource exhaustion or...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation through the AuthHelper SSO setup flow in the auth helper pipeline. An attacker can link a Sentry account to a different identity by supplying an IdP assertion email that resolves to another user during provider setup...
Insufficient Session Expiration
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...
ROS-20260414-73-0037
Vulnerability in kernel-lt related to lack of memory release after effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the despeckle operation. An attacker can cause a heap buffer overflow on 32-bit builds by processing specially crafted image files. Remediation: A fix was pushed into the master branch but not yet...
CVE-2026-0639
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS through missing release of memory...
PT-2026-25628
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS through missing release of memory...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the decode0x0805 function of the CRW image parser. An attacker can cause the application to read memory outside the bounds of an allocated buffer by providing a specially crafted CRW image file. Remediation: A fix w...
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop in the formatIPTC function. An attacker can cause the application to enter an infinite loop and exhaust system resources by supplying a malicious image profile containing invalid IPTC data. Remediation: A fix was pushed int...
Missing Release of Memory after Effective Lifetime
Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the soup_message_headers_append_common function in libsoup/soup-message-headers.c, which unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an...
ROS-20260202-73-0021
Vulnerability in kernel-lt related to lack of memory release after effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection via the soup_message_headers_set_content_disposition function. An attacker can inject arbitrary HTTP headers by supplying specially crafted input containing CRLF sequences to the Content-Disposition header. Remediation: A fix w...
CVE-2026-24825
CVE-2026-24825 describes a memory-leak issue in the ydb-platform/ydb stack, linked to the contrib/libs/yajl modules (yail_tree.C). Affected are ydb versions up to 24.4.4.2. The vulnerability is characterized as Missing Release of Memory after Effective Lifetime, with impact described as potential...
SUSE CVE-2026-23893
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An...
WordPress My auctions allegro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress My auctions allegro, which stems from improper input neutralization, and no detailed vulnerability details are provided ...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to release a lock when st_clk_register_quadfs_pll fails, which could lead to a memory leak...
CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...