PT-2026-30839

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

emmett 路径遍历漏洞

Emmett is a full-stack Python web framework developed by Emmett. Versions of Emmett from 2.5.0 to 2.8.1 had a path traversal vulnerability. This vulnerability stemmed from issues with the RSGI static processing program, allowing for the reading of files outside the asset directory...

OpenSSL 1.0.2 < 1.0.2zp Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2zp. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zp advisory. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereferenc...

Linux Distros Unpatched Vulnerability : CVE-2026-28388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number...

RockyLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:6300)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6300 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

Libraw 安全漏洞

Libraw is a C++ library developed by Libraw Inc. that processes RAW CRW/CR2, NEF, RAF, DNG, and others format images. It supports various operating systems. Libraw has a security vulnerability, which stems from a heap buffer overflow in the HuffTable::initval function, potentially leading to a he...

Libraw 安全漏洞

Libraw is a C++ library developed by Libraw Inc. that processes RAW CRW/CR2, NEF, RAF, DNG, and other formats images. It supports various operating systems. LibRaw has a security vulnerability, which stems from a heap-based buffer overflow in the x3floadhuffman function, potentially leading to a...

CVE-2025-62818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI...

Linux Distros Unpatched Vulnerability : CVE-2026-28390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary:...

UBUNTU-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

GHSA-H6RJ-3M53-887H PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

Logging of Excessive Data

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Logging of Excessive Data through the processing of unexpected properties in the clientData of the LoginPacket...

EUVD-2026-19320

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans...

CVE-2026-34380

A flaw was found in OpenEXR, an image storage format library. A remote attacker could exploit a signed integer overflow vulnerability in the undopxr24impl function when processing a specially crafted EXR image file. This overflow can cause the application to write pixel data beyond its allocated...

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

CVE-2026-21378

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver...

CVE-2026-34755 vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

vLLM is an inference and serving engine for large language models LLMs. From 0.7.0 to before 0.19.0, the VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...

CVE-2026-34755

vLLM's VideoMediaIO.load_base64("video/jpeg") path has an unbounded frame-splitting bug: data.split(",") bypasses the intended frame-count limit (default 32) used by the binary path, allowing a single request with thousands of comma-separated base64 JPEG frames. This can cause the server to decod...

CVE-2026-21378

The CVE-2026-21378 entry describes a memory corruption vulnerability in a camera sensor driver triggered when IOCTLs access an output buffer without validating its size. Affected component is the camera sensor driver’s IOCTL handling (output buffer). Root cause: insufficient validation of the des...