objdump-dlx-calc-poc

objdump dlx calc poc Small repro for an objdump -g crash-to...

CVE-2026-48111 GHSL-2026-121 7-Zip UEFI DEPEX OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20730-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20730-1 advisory. Changes in apptainer: - Fix CVE-2026-34986 bsc1262956 github.com/go-jose/go-jose/[email protected] CVE-2026-33186 GO-2026-4762 bsc1260311...

GHSA-F8QV-7X5W-QR48 free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types

Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

BIT-JRE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

PT-2026-39255

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The NRF root SBI endpoint "POST /oauth2/token" contains a parser-level type-confusion bug. The handler in NFs/nrf/internal/sbi/api accesstoken.go uses reflection over...

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques bsc1262115. CVE-2026-5795: Fixed JaspiAuthenticator broken access control...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion in the Parser process. An attacker can cause process termination and denial of service by submitting a specially crafted, deeply nested input that exhausts the stack and triggers a...

CVE-2026-7425 Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP

Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...

EUVD-2026-26277

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...

PT-2026-33733

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse openai plugin json to tool bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery...

EUVD-2026-22128

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

PT-2026-32395

Name of the Vulnerable Software and Affected Versions HAProxy versions 2.6 through 3.3.5 Description The HTTP/3 parser fails to verify that the received body length aligns with a previously announced content-length when a stream is closed using a frame with an empty payload. This discrepancy can...

Important: gstreamer1-plugins-bad-free

Issue Overview: Various out-of-bounds reads and writes in the DVB subtitle decoder that can cause crashes for certain input files. CVE-2026-2923 GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...