CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

CVE-2026-33699

CVE-2026-33699 affects the pypdf library (Python), with versions prior to 6.9.2 vulnerable to an infinite loop when reading a PDF in non-strict mode. The root cause is within DictionaryObject.read_from_stream processing, leading to potential hang. A fix is available in pypdf 6.9.2, and multiple O...

EUVD-2018-6698

Malware in sbrugna...

CVE-2023-3825

PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a...

Oracle VirtualBox crServerDispatchGetCombinerStageParameterfvNV Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2018-14814

WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object...