CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

CVE-2026-23451

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bondheaderparse bondheaderparse can loop if a stack of two bonding devices is setup, because skb-dev always points to the hierarchy top. Add new "const struct netdevice dev" parameter t...

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use builtindynamicobjectsize when available" produces the warning below and an oops. Searchi...

UBUNTU-CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use builtindynamicobjectsize when available" produces the warning below and an oops. Searchi...

CVE-2026-23474

CVE-2026-23474 concerns a Linux kernel issue related to RedBoot partition table parsing that could trigger a buffer overflow when Fortify-derived checks mis-handle dynamic allocation sizing. The connected OSV/Nessus data indicate this vulnerability has been addressed in multiple distros via patch...

JLSEC-2026-23

The SingleDocParser::HandleNode function in yaml-cpp aka LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...

CLSA-2026-1775221560 exiv2: Fix of CVE-2026-27631

CVE-2026-27631: fix integer overflow in preview component of PSD image parser...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a buffer overflow in the string comparison function of the RedBoot partition table parser...

PT-2026-30273

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

EUVD-2026-18388

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads...

GHSA-8VQR-QJWX-82MW Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

EUVD-2026-18417

Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values...

GHSA-RX22-G9MX-QRHV Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values

Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

Interpretation Conflict

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CRLF Injection

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

DEBIAN-CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

CVE-2026-34610 leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...

CVE-2026-34827 Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...