6656 matches found
OSV-2026-777 Heap-buffer-overflow in md_is_link_title
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514122612 Crash type: Heap-buffer-overflow READ 1 Crash state: mdislinktitle mdanalyzeinlines mdprocessnormalblockcontents...
OSV-2024-1464 Use-of-uninitialized-value in Splash::compositeBackground
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513891492 Crash type: Use-of-uninitialized-value Crash state: Splash::compositeBackground SplashOutputDev::setSoftMask Gfx::doSoftMask...
OSV-2026-765 Heap-use-after-free in gf_node_get_id
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783541 Crash type: Heap-use-after-free READ 8 Crash state: gfnodegetid lsrreadcommandlist lsrdecodelaserunit...
OSV-2026-760 Heap-buffer-overflow in md_decode_utf8__
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513677122 Crash type: Heap-buffer-overflow READ 1 Crash state: mddecodeutf8 mdskipunicodewhitespace mdlinklabelhash...
OSV-2026-733 Use-of-uninitialized-value in JBIG2Stream::readSymbolDictSeg
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512468082 Crash type: Use-of-uninitialized-value Crash state: JBIG2Stream::readSymbolDictSeg JBIG2Stream::readSegments JBIG2Stream::rewind...
OSV-2026-727 Global-buffer-overflow in md_start_new_block
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512429152 Crash type: Global-buffer-overflow READ 4 Crash state: mdstartnewblock mdparse mdhtml...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the plugin resource endpoints’ ability to read the entire request body into memory, leading to unlimited memory allocation. This could potentially cause...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which arises from the possibility of users continuing to perform operations within a short period after their token permissions for service accounts have been revoked. Thi...
OSV-2026-717 Stack-use-after-scope in enter_block_callback
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511831392 Crash type: Stack-use-after-scope READ 4 Crash state: enterblockcallback mdprocessallblocks mdparse...
CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
OSV-2026-712 Heap-buffer-overflow in Mat_VarGetCellsLinear
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511531637 Crash type: Heap-buffer-overflow READ 8 Crash state: MatVarGetCellsLinear matiostructcellfuzzer.cpp...
Meari Alibaba OSS 安全漏洞
Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...
OSV-2026-703 Heap-use-after-free in js_atomics_op
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=510792185 Crash type: Heap-use-after-free WRITE 4 Crash state: jsatomicsop jscallcfunction JSCallInternal...
OSV-2026-696 Use-of-uninitialized-value in JXRHandler::read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=510577322 Crash type: Use-of-uninitialized-value Crash state: JXRHandler::read kimgiofuzzer.cc interceptormalloc...
SUSE CVE-2026-43126
In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...
CVE-2026-43126
In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught at disconnecting the device. For avoiding the potential UAF scenarios...
Linux Distros Unpatched Vulnerability : CVE-2026-43126
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending calls might be not always caught ...
PT-2026-37193
Name of the Vulnerable Software and Affected Versions Argo Workflows versions 4.0.0 through 4.0.4 Description The workflow executor logs artifact repository credentials in plaintext during artifact operations. This occurs because the logging driver passes the entire ArtifactDriver struct to the...
CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...
CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...