6963 matches found

AlpineLinux
added 2026/02/09 6:21 p.m. | 4 views

CVE-2026-24682

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.6 | EPSS 0.00467
Exploits: 0
OSV
added 2026/02/09 6:21 p.m. | 5 views

CVE-2026-24682 FreeRDP has a Heap-buffer-overflow in audio_formats_free

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.6 | EPSS 0.00467
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/09 6:21 p.m. | 6 views

CVE-2026-24682

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.5 | EPSS 0.00467
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/09 6:21 p.m. | 4 views

CVE-2026-24682 FreeRDP has a Heap-buffer-overflow in audio_formats_free

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0...

CVSS 8.7 | AI score 5.6 | EPSS 0.00467
Exploits: 0 | References: 2
CVE
added 2026/02/09 6:21 p.m. | 24 views

CVE-2026-24682

CVE-2026-24682 affects FreeRDP prior to 3.22.0, where audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), causing an out-of-bounds access in audio_formats_free. Alpine and Debian advisories corroborate the same description. The issue is fixed in version ...

CVSS 8.7 | AI score 5.6 | EPSS 0.00467
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/02/08 12:6 a.m. | 5 views

OSV-2026-209 Use-of-uninitialized-value in ntrip_parse_url

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482281265
Crash type: Use-of-uninitialized-value
Crash state: ntrip_parse_url FuzzClient.c...

AI score 5.4
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/08 12:0 a.m. | 5 views

PT-2026-7150

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.13.5
Description: The mergeConfig function in the Axios library is susceptible to crashing when processing configuration objects that include __proto__ as an own property. An attacker can exploit this by sending a speciall...

CVSS 7.8 | AI score 7 | EPSS 0.01242
Exploits: 1 | References: 33
IBM Security Bulletins
added 2026/02/06 12:44 p.m. | 9 views

Security Bulletin: qs parse module DoS vulnerability: arrayLimit bypass via bracket notation allows memory exhaustion (qs < 6.14.1)

Summary: An input validation flaw in qs 6.14.1 allows attackers to bypass arrayLimit using bracket notation (a[]=x), leading to unauthenticated HTTP denial-of-service via memory exhaustion.
Vulnerability Details: CVEID: CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse...

CVSS 6.3 | AI score 5.6 | EPSS 0.0041
Exploits: 1 | Affected Software: 1
OSV
added 2026/02/06 12:20 a.m. | 4 views

OSV-2026-203 Segv on unknown address in glslang::TIntermediate::addSymbol

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481635421
Crash type: Segv on unknown address
Crash state: glslang::TIntermediate::addSymbol glslang::HlslParseContext::handleFunctionCall glslang::HlslParseContext::transformEntryPoint...

AI score 5.8
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/06 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-58190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an...

CVSS 5.3 | AI score 6.8 | EPSS 0.00482
Exploits: 1 | References: 4
OSV
added 2026/02/05 6:16 p.m. | 6 views

AZL-76811 CVE-2025-58190 affecting package yq 4.45.1-1

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 6 views

AZL-76901 CVE-2025-58190 affecting package cni-plugins 1.4.0-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 7.4 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-77064 CVE-2025-58190 affecting package packer 1.9.5-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 6 views

AZL-76913 CVE-2025-58190 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 7.2 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-77010 CVE-2025-58190 affecting package kube-vip-cloud-provider 0.0.10-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 7.4 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-76925 CVE-2025-58190 affecting package dasel 2.8.1-2

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 5 views

AZL-76889 CVE-2025-58190 affecting package cloud-provider-kubevirt 0.5.1-2

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 3 views

AZL-76827 CVE-2025-58190 affecting package cert-manager for versions less than 1.11.2-27

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 6 views

AZL-77000 CVE-2025-58190 affecting package keda 2.14.1-9

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 5.7 | EPSS 0.00482
Exploits: 1 | References: 1
OSV
added 2026/02/05 6:16 p.m. | 6 views

AZL-77093 CVE-2025-58190 affecting package sriov-network-device-plugin 3.7.0-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 | AI score 7.4 | EPSS 0.00482
Exploits: 1 | References: 1