17447 matches found

Vulnrichment
added 2026/04/22 8:37 a.m. | 2 views

CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 2

RedHat Linux
added 2026/04/22 6:2 a.m. | 6 views

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS 9.8 | AI score 6.2 | EPSS 0.001
Exploits: 0 | References: 3

RedHat Linux
added 2026/04/22 6:2 a.m. | 4 views

libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

CVSS 7.5 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 5

CNNVD
added 2026/04/22 12:0 a.m. | 6 views

Google Chrome Race Condition Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.117 contained a race condition vulnerability, which was caused by race conditions in the GPU. This vulnerability allowed remote attackers to execute a sandbox escape through a specially crafted...

CVSS 8.3 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | References: 3

CNNVD
added 2026/04/22 12:0 a.m. | 4 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.117 contained a buffer overflow vulnerability, which was caused by out-of-bound reads from the GPU. This vulnerability allowed remote attackers with access to the renderer process to execute a...

CVSS 9.6 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/22 12:0 a.m. | 1 view

openSUSE 16 Security Update : gdk-pixbuf (openSUSE-SU-2026:20558-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20558-1 advisory. This update for gdk-pixbuf fixes the following issue: - CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially...

CVSS 7.5 | AI score 6.1 | EPSS 0.00867
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34685

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 147.0.7727.117. Description: An out of bounds read in the GPU allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 | AI score 5.3 | EPSS 0.00128
Exploits: 0 | References: 14

CNVD
added 2026/04/22 12:0 a.m. | 4 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability (CNVD-2026-18431)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from an internal...

CVSS 4.9 | AI score 7.4 | EPSS 0.00043
Exploits: 0

Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34618

Name of the Vulnerable Software and Affected Versions: @xmldom/xmldom versions prior to 0.8.13; @xmldom/xmldom versions prior to 0.9.10; xmldom versions 0.6.0 and earlier. Description: The software allows attacker-controlled processing instruction (PI) data to be serialized into XML without validating o...

CVSS 8.7 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 7

CNNVD
added 2026/04/22 12:0 a.m. | 3 views

WeKan Code Issue Vulnerability

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.35 contained code vulnerabilities. These vulnerabilities stemmed from the webhook integration URL processing, where the url pattern field allowed any string without protocol restrictions or target...

CVSS 8.5 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34686

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.117. Description: A race condition in the GPU component on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to...

CVSS 8.3 | AI score 5.3 | EPSS 0.00028
Exploits: 0 | References: 11

CERT
added 2026/04/22 12:0 a.m. | 7 views

Ollama GGUF Quantization Remote Memory Leak

Overview: Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...

AI score 6
Exploits: 0

CNNVD
added 2026/04/22 12:0 a.m. | 5 views

ddev Path Traversal Vulnerability

ddev is an open-source local PHP and Node.js development environment tool developed by DDEV. Versions of ddev prior to 1.25.2 contained a path traversal vulnerability. This vulnerability stemmed from the Untar and Unzip functions not verifying paths properly, which could lead to path traversal wh...

CVSS 9.1 | AI score 5.8 | EPSS 0.00019
Exploits: 3 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m. | 8 views

openSUSE 16 Security Update : qemu (openSUSE-SU-2026:20567-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20567-1 advisory. Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests se...

CVSS 5.1 | AI score 5.7 | EPSS 0.00019
Exploits: 1 | References: 9

CNNVD
added 2026/04/22 12:0 a.m. | 7 views

Nimiq Numeric Error Vulnerability

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a numerical error vulnerability. This vulnerability stems from the nimiq-account contract’s VestingContract::canchangebalance function, which returns AccountError::InsufficientFund...

CVSS 8.2 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

Debian dsa-6227 : charon-cmd - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6227 advisory. Debian Security Advisory DSA-6227-1...

AI score 6.3
Exploits: 6 | References: 17

Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

RHEL 8 : libarchive (RHSA-2026:9592)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9592 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

CVSS 9.8 | AI score 6.3 | EPSS 0.001
Exploits: 0 | References: 6

NVD
added 2026/04/21 10:16 p.m. | 1 view

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

CVSS 8.7 | EPSS 0.00055
Exploits: 0 | References: 1

NVD
added 2026/04/21 9:16 p.m. | 5 views

CVE-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

CVSS 7.5 | EPSS 0.00154
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/21 8:35 p.m. | 2 views

CVE-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 2 | Affected Software: 3