34258 matches found
CVE-2026-6846
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
[SECURITY] Fedora 43 Update: python-cbor2-5.6.5-8.fc43
This library provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 7049 serialization format...
SUSE CVE-2026-6746
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
SUSE CVE-2026-6771
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
CVE-2026-41145
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...
CVE-2026-6774
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2026-6771
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2026-6764
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
CVE-2026-6762
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
CVE-2026-41145
MinIO contains an authentication bypass in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path, affecting releases prior to RELEASE.2026-04-11T03-20-12Z. An attacker with a valid access key (including default minioadmin or any key with WRITE on a bucket) can write objects to any bucket without a val...
CVE-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...
PT-2026-34333
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
IceWarp 跨站脚本漏洞
IceWarp is an integrated enterprise communication and collaboration platform developed by the Czech company IceWarp. It aims to provide organizations with various tools and features to support internal and external communication, collaboration, and business processes. Version IceWarp 11.0.0.0...
PT-2026-34596
Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.5.0 Description A Stored DOM XSS Cross-Site Scripting issue exists in the backup module. An attacker can manipulate the filename field using an SQL file to inject a hidden XSS payload, potentially leading to full...
PT-2026-34602
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOM ELEMENT HANDLING option, a prior prototype...
PT-2026-34426
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The module loader fails to verify the bounds of the ELF section index within the simplify symbols function. A symbol containing an out-of-bounds st shndx value, such as those defined as...