EUVD-2025-26475

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the GETDATADIRECTSYSFSPATH function in the RDMA/mlx5 driver. This function does not release the...

UBUNTU-CVE-2026-48691

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP ASPATH attribute encoder. In src/bgpprotocol.hpp, the IPv4UnicastAnnounce::getattributes function computes attributelength as 'sizeofbgpaspathsegmentelementt + this-aspathasns.size sizeofuint32t' and stores it in a...

PT-2026-43310

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An integer overflow exists in the BGP AS PATH attribute encoder. The IPv4UnicastAnnounce::get attributes function calculates the attribute length and stores it in a uint8 t fiel...

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the core path resolution function allocates a buffer that is one byte too small. When resolving paths with lengths close to the system’s MAXPATHLEN setting, this may result in the byte after the allocated buffer being...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with an unvalidated length at nfsreadlinkreply in the “else” block, after calculating the new path length...

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

PT-2026-39856

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.0 Description An issue exists in the ZipHelper.extract function where the extraction path for each entry is computed by passing a full filesystem path through trimFileAndExt. This helper function uses path.basenam...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016789 advisory. A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform pat...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fixed the Clang warning regarding the size of the mountpoint variable. Clang is reporting this warning as follows: $ make HOSTCC=clang CC=clang LLVMIAS=1 ... clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions...

CVE-2018-25232

Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

CVE-2026-23749 - Golioth Firmware SDK : The vulnerability affects Golioth Firmware SDK versions 0.19.1 prior to 0.22.0. The root cause is an out-of-bounds read caused by improper null termination when copying the blockwise transfer path in blockwise_transfer_init(). If the input path length equal...

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

CVE-2026-27709

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

CVE-2026-27709

NanaZip (open source) version range prior to 6.0.1638.0 and 6.5.1638.0 is affected by an out-of-bounds read in the .NET Single File Application parser during manifest parsing. A crafted bundle can cause a malformed RelativePathLength, leading to the parser constructing a std::string from memory b...

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

PT-2026-22043

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...