CVE-2026-21376

CVE-2026-21376 : Memory corruption occurs when an output buffer is accessed during IOCTL processing in a camera sensor driver without validating its size. Root cause is missing validation of the output buffer size. Documented impact includes high confidentiality, integrity, and availability conce...

CVE-2026-21375

CVE-2026-21375 describes memory corruption when an output buffer is accessed without validating its size during IOCTL processing. The issue is reported in Qualcomm context, with CVSS 3.1 base score 7.8 (HIGH) and local, low exploit complexity, no user interaction required. Descriptions across NVD...

CVE-2026-21373 Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing...

CVE-2026-21373 Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing...

CVE-2026-35559

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2025-54328

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DA...

Samsung多款产品 安全漏洞

SAMSUNG Mobile Processors are products of South Korea’s Samsung Corporation. SAMSUNG Mobile Processors are a series of mobile processors. SAMSUNG Wearable Processors are a series of wearable processors. SAMSUNG Modem Exynos is a series of modem chips. Several Samsung products have security...

Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a resource management vulnerability that stems from accessing released memory during concurrent fence cancellation and signal processing, which may lead to memory corruption...

RHEL 9 : vim (RHSA-2026:6620)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6620 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

[SECURITY] Fedora 43 Update: libinput-1.30.3-1.fc43

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code the user of libinput...

CVE-2026-5530

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

AnyBurn 安全漏洞

AnyBurn is a disc burning and image processing tool developed by AnyBurn Corporation. The AnyBurn 4.3 x86 version contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the image conversion function, which could allow local attackers to cause the...

AlmaLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (ALSA-2026:6300)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6300 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

PT-2026-30411

A race condition during TCP connection teardown can cause tcp recv to operate on a connection that has already been released. If tcp conn search returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp backlog is full and dereferenced without...

SUSE CVE-2026-23441

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5eipsecaso struct for each PF, which contains a shared DMA-mapped context...

CVE-2025-43202

This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption...

CVE-2025-43264

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory...

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

UBUNTU-CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...