
1075 matches found

Redos
added 2026/01/14 12:0 a.m. | 4 views

ROS-20260114-7318

A vulnerability in the iomap_write_delalloc_scan function of the Linux kernel is related to the execution of a loop with an unreachable exit condition as a result of numeric truncation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 8.7 | EPSS 0.00013
Exploits: 0
EUVD
added 2026/01/13 3:34 p.m. | 2 views

EUVD-2026-2265

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to period...

AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 6
CNNVD
added 2026/01/13 12:0 a.m. | 6 views

Microsoft Excel Numeric Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA. A numeric error vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to remotely execute code. The following products and editions are affected: Microsoft Offi...

CVSS 7.8 | AI score 5.9 | EPSS 0.00161
Exploits: 0 | References: 1
OSV
added 2026/01/07 7:28 p.m. | 3 views

GHSA-RVJX-CFJH-5MC9 loggingredactor converts non-string types to string types in logs

Impact: Non-string types are converted into string types, leading to type errors in %d conversions. Patches: The problem has been patched in version 0.0.6. Workarounds: None without patching. Resources: Issue report: https://github.com/armurox/loggingredactor/issues/7 Release:...

CVSS 5.1 | AI score 6.9 | EPSS 0.00045
Exploits: 1 | References: 5
EUVD
added 2026/01/06 1:46 a.m. | 3 views

EUVD-2026-0974

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729...

CVSS 7.8 | AI score 6.2 | EPSS 0.00006
Exploits: 0 | References: 2
CNNVD
added 2026/01/06 12:0 a.m. | 2 views

iccDEV Numeric Error Vulnerability

iccDEV is an open source color configuration code library from the International Color Consortium ICC. A numeric error vulnerability exists in iccDEV version 2.3.1.1 and earlier, which stems from an out-of-bounds read and integer underflow in the CIccCalculatorFunc::SequenceNeedTempReset function...

CVSS 7.1 | AI score 7 | EPSS 0.00012
Exploits: 0 | References: 3
EUVD
added 2026/01/05 10:43 a.m. | 2 views

EUVD-2026-0872

Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12...

CVSS 7.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 2
EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0120

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1
EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0406

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits: 0 | References: 1
EUVD
added 2025/12/23 1:58 p.m. | 2 views

EUVD-2025-204803

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized ksz_irq If something goes wrong at setup, ksz_irq_free can be called on uninitialized ksz_irq for example when ksz_ptp_irq_setup fails. It leads to freeing uninitialized IRQ numbers and/or...

AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/17 12:54 a.m. | 2 views

CVE-2025-40351

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat The syzbot reported issue in hfsplus_delete_cat: 70.682285 T9333 ===================================================== 70.682943 T9333 BUG: KMSAN: uninit-value in...

CVSS 5.5 | AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 4
Github Security Blog
added 2025/12/12 8:20 p.m. | 3 views

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact: The APIVersion rule uses new Function to evaluate expression strings. A maliciously crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

CVSS 8.4 | AI score 7.2 | EPSS 0.00024
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/12/09 8:27 a.m. | 4 views

CVE-2025-66553

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

CVSS 4.3 | AI score 6.5 | EPSS 0.00023
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/09 8:27 a.m. | 4 views

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.6 | EPSS 0.00023
Exploits: 0 | References: 1
CNNVD
added 2025/12/09 12:0 a.m. | 3 views

Microsoft Hyper-V Numeric Error Vulnerability

Microsoft Hyper-V is an application from Microsoft Corporation USA, a system hypervisor virtualization technology that enables desktop virtualization. Microsoft Hyper-V has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

CVSS 5.3 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 1
NVD
added 2025/12/05 6:15 p.m. | 2 views

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

CVSS 4.3 | EPSS 0.00013
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/05 5:56 p.m. | 3 views

CVE-2025-66556 Nextcloud talk allows participants to blindly delete poll drafts of other users by ID

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

CVSS 3.5 | AI score 6.3 | EPSS 0.00013
Exploits: 0 | References: 4
EUVD
added 2025/12/05 5:37 p.m. | 3 views

EUVD-2025-201457

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/05 12:0 a.m. | 2 views

PT-2025-49301

Name of the Vulnerable Software and Affected Versions: Nextcloud talk versions prior to 20.1.8; Nextcloud talk versions prior to 21.1.2. Description: A participant with chat permissions could delete poll drafts of other participants within a conversation by using their numeric ID. This issue affects...

CVSS 4.3 | AI score 6.5 | EPSS 0.00013
Exploits: 0 | References: 11
Snyk
added 2025/12/02 8:44 a.m. | 1 views

Numeric Truncation Error

Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...

CVSS 6.5 | AI score 6.9 | EPSS 0.00042
Exploits: 0 | References: 2