CVE-2026-2703

CVE-2026-2703 affects the xlnt-community xlnt project up to version 1.6.1. The vulnerability resides in the function xlnt::detail::decode_base64 (source/detail/cryptography/base64.cpp) of the Encrypted XLSX File Parser and is caused by an off-by-one flaw introduced by manipulation. The issue requ...

PT-2026-20595

Name of the Vulnerable Software and Affected Versions xlnt versions up to 1.6.1 Description A flaw exists in the xlnt::detail::decode base64 function within the Encrypted XLSX File Parser component, specifically in the source/detail/cryptography/base64.cpp file. This can lead to an off-by-one...

CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

CVE-2026-0665 Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback

Summary The Chrome extension relay ensureChromeExtensionRelayServer previously treated wildcard hosts 0.0.0.0 / :: as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard cdpUrl was passed. Impact If configured with a wildcard cdpUrl, relay HTTP endpoints...

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sjcl is a Stanford Javascript Crypto Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key b...

Improper Verification of Cryptographic Signature

Overview sjcl is a Stanford Javascript Crypto Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafte...

Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server

Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-42516, CVE-2024-47252 CVE-2024-47252 is not exploitable when SSL is not enabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refe...

PT-2026-23524

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.14-1 through 2026.2.11 Description The software contains an improper network binding issue in the Chrome extension relay server. The server incorrectly handles wildcard hosts, treating them as loopback addresses. This...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the modem.cgi script for INIT, HANGUP, SPEAKERON, SPEAKEROFF, TONEDIAL and PULSEDIAL parameters of the user-supplied data...

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

Off-by-one Error

Overview bacnet-stack is a None Affected versions of this package are vulnerable to Off-by-one Error. via the tokenizerstring function. An attacker can cause a crash by providing a string literal longer than the buffer limit, which leads to a stack overflow when the function incorrectly writes a...

EUVD-2026-5920

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

CVE-2026-21870

The CVE-2026-21870 affects the BACnet Protocol Stack library, specifically versions 1.4.2, 1.5.0.rc2 and earlier. The root cause is an off-by-one, stack-based buffer overflow in the ubasic interpreter’s tokenizer_string function. It mishandles null termination for maximum-length strings, writing ...

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

OESA-2026-1354 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...

OESA-2026-1352 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: An "off by one" bug has been discovered in QEMU's KVM Xen guest support. A malicious client could exploit this vulnerability to trigger an out-of-bounds heap access in the QEMU process vi...