2582 matches found
CVE-2026-54798
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...
EUVD-2026-42588
Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...
CVE-2026-54778
CVE-2026-54778 : CoreWCF UnixDomainSocket suffers a race in POSIX peer identity resolution due to non-reentrant getpwuid/getgrgid calls, allowing identity misattribution or host process crash under contention. Affected versions are prior to 1.8.1 and 1.9.1; fixed in 1.8.1 and 1.9.1. Impact is lim...
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints
Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...
CVE-2026-43742
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43704
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash...
CVE-2026-43707
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43699
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-39872
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43726
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43707
CVE-2026-43707 is a memory corruption vulnerability in WebKit that could cause an unexpected process crash when processing maliciously crafted web content. Apple fixed it in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. The vulnerability is tied to memory handling in WebKit co...
CVE-2026-43712
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43712
CVE-2026-43712 concerns a memory handling issue that could cause an unexpected process crash when processing maliciously crafted web content. According to the provided sources, Apple platforms fix this with Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. The CVE is tied to impro...
CVE-2026-43709
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-43709
CVE-2026-43709 affects WebKit-based components in Safari, iOS/iPadOS, and macOS Tahoe/macOS Tahoe builds. Description confirms a use-after-free vulnerability in memory handling that can cause a crash when processing malicious web content. Affected versions include Safari 26.5.2, iOS 26.5.2, iPadO...
CVE-2026-43699
CVE-2026-43699 is a use-after-free vulnerability in WebKit-related components that could be triggered by processing malicious web content, potentially causing an unexpected process crash. The issue is addressed with memory-management fixes and is fixed in Safari 26.5.2, iOS 26.5.2 / iPadOS 26.5.2...
CVE-2026-43734
CVE-2026-43734 is a use-after-free vulnerability in processing maliciously crafted web content, addressed by memory-management fixes. The accompanying disclosures indicate fixes across Apple platforms: Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Affected components in the co...
CVE-2026-28979
Summary: CVE-2026-28979 describes an out-of-bounds access issue fixed by enhanced bounds checking. The vulnerability affects web content processing in Apple platforms and is addressed in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Affected components (from provided docs): Sa...