GHSA-VG76-XMHG-J5X3 Incus vulnerable to denial of source through crafted bucket backup file

Summary A specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any runnin...

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

SUSE CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server

NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server...

GO-2026-4837 NATS has pre-auth server panic via leafnode handling in github.com/nats-io/nats-server

NATS has pre-auth server panic via leafnode handling in github.com/nats-io/nats-server...

DEBIAN-CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

DEBIAN-CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

UBUNTU-CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

UBUNTU-CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVE-2026-32285 Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

EUVD-2026-16347

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32286

CVE-2026-32286 relates to the Go PostgreSQL wire protocol parser (DataRow.Decode) failing to validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic in the affected code path. The issue...

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

CVE-2026-32286

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...

CVE-2026-32285

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

EUVD-2026-16345

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...