CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

UBUNTU-CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

CVE-2026-45967 bpf: Return proper address for non-zero offsets in insn array

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks

In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph-len already contains its offset, so use it to fix the problem...

PT-2026-43834

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The map direct value addr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve pseudo ldimm...

JLSEC-2026-536

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

PT-2026-47101

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

ROS-20260524-73-0026

Vulnerability in docker-ce related to a single offset error. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVE-2026-5755

CVE-2026-5755 affects Mattermost releases 11.6.x up to 11.6.0, 11.5.x up to 11.5.2/11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The issue arises from failure to validate the TIFF IFD offset in the image header before memory allocation, allowing authenticated users with file upload or ...

CVE-2026-48233

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

CVE-2026-48233

The CVE-2026-48233 issue affects Open ISES Tickets prior to 3.44.2, where the GET offset parameter is concatenated into the LIMIT clause in ajax/sit_incidents.php, enabling SQL injection. This requires authentication and is exploitable via crafted requests over the network, potentially allowing a...

EUVD-2026-31313

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

CVE-2026-48233

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

CVE-2026-48232

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...

CVE-2026-48232

Open ISES Tickets prior to version 3.44.2 contains a SQL injection in ajax/fullsit_incidents.php where the offset parameter from GET is directly concatenated into the LIMIT clause without sanitization. Authenticated attackers can craft requests to alter query semantics, potentially reading, modif...