Theora 缓冲区错误漏洞

Theora is a reference implementation of Theora video compression format developed by Xiph open-source projects. Theora has a buffer error vulnerability, which stems from a heap out-of-bounds read in the aviparseinputfile function of the AVI parser. This vulnerability could lead to denial-of-servi...

PT-2026-30711

openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection that allows out-of-bounds heap memory access when parsing a crafted .pof file. No FPGA hardware is required to trigger this vulnerability...

PT-2026-30592

Name of the Vulnerable Software and Affected Versions libtheora affected versions not specified Description A heap-based out-of-bounds read flaw exists in libtheora's AVI Audio Video Interleave parser, specifically within the avi parse input file function. A local attacker could exploit this by...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained a security vulnerability; this vulnerability stemmed from infinite recursion in the parser, which could lead to process crashes...

Directus 信息泄露漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a vulnerability related to information leakage. This vulnerability stemmed from the serverspecs GraphQL parser not...

PT-2026-30724

Name of the Vulnerable Software and Affected Versions Discount versions 1.3.1.1 through 2.2.7.3 Description A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT MAX are truncated to a signed int before entering the native parser,...

Debian: Security Advisory (DLA-4522-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

curl: SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)

Summary libcurl’s SMTP implementation fails to properly sanitize CRLF sequences in user-controlled inputs passed via CURLOPTMAILFROM and CURLOPTMAILRCPT. The function smtpparseaddress lib/smtp.c:277 extracts any data following the closing character as a raw suffix and incorporates it directly int...

Linux Distros Unpatched Vulnerability : CVE-2026-23457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns...

Linux Distros Unpatched Vulnerability : CVE-2026-23474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 fortify: Use...

AlmaLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (ALSA-2026:6300)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6300 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

Debian dla-4522 : libxml-parser-perl - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4522 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4522-1 [email protected]...

openSUSE 16 Security Update : perl-XML-Parser (openSUSE-SU-2026:20459-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20459-1 advisory. - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer...

SUSE CVE-2026-5318

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits causes out-of-bounds write. It is possible to initiate the attack remotely. T...

Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow

Summary An open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass redirect allow-list validation and redirect users to arbitrary external domains upon...

Header Injection

aiohttp is vulnerable to Header Injection. The vulnerability is due to the C parser llhttp accepting null bytes and control characters in response header values, where crafted header values containing these characters can be interpreted differently by the application or downstream proxies,...

SUSE CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use builtindynamicobjectsize when available" produces the warning below and an oops. Searchi...

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

CVE-2026-26962

A flaw was found in Rack, a modular Ruby web server interface. Rack::Multipart::Parser incorrectly processes folded multipart part headers, failing to remove embedded carriage return and line feed CRLF characters. This can lead to applications that reuse these parsed values in HTTP response heade...

CVE-2026-23474

A flaw was found in the Linux kernel's Memory Technology Device mtd subsystem, specifically within the RedBoot partition table parser. A local user could trigger a buffer overflow when the system attempts to read beyond the allocated buffer size during partition table parsing. This vulnerability...