CVE-2026-45613

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

CVE-2026-45613 Rizin: Heap-buffer-overflow in OMF parser

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

CVE-2026-49383

JetBrains IntelliJ IDEA prior to 2026.1 has a low-severity issue in the UI Designer form parser (xXE) that is locally exploitable with user interaction required. The CVSS 3.1 vector indicates Local access, Low complexity, no privileges, with Confidentiality impact Low and no impact on Integrity/A...

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

EUVD-2026-33391

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

RLSA-2026:19148 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

glib2 security update

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...

CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

OESA-2026-2467 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative siz...

CVE-2026-45619 AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...

Vulnerabilities in Oracle Database Server

Oracle has identified vulnerabilities in Oracle REST Data Services versions 24.2.0 to 26.1.0 and Oracle Database Server versions 23.4.0 to 23.26.2. The vulnerabilities in Oracle REST Data Services allow attackers with low privileges and network access via HTTPS to perform various actions without...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-41607 DESCRIPTION: Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which...

Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses jackson-core-2.18.2.jar which is vulnerable to WS-2026-0003. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async...

PT-2026-44963

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 xXE Description An issue exists in the UI Designer form parser, which is the component responsible for processing the layout and design files of the user interface. Recommendations Update to...

freerdp security update

2.1.1-5.0.5 - Fixed CVE-2026-26955 CVE-2026-26956 Orabug: 39189643 2:2.2.0-5.0.3 - Fixed CVE-2026-22855 CVE-2026-22858 CVE-2026-22859 Orabug: 39075086 2:2.2.0-5.0.1 - fixed CVE-2026-23530 CVE-2026-23531 CVE-2026-23532 CVE-2026-23533 CVE-2026-23884 Orabug: 38971897 2:2.2.0-5 - Update: Refactored R...

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...