
17460 matches found

Snyk
added 2026/03/31 1:41 p.m. | 2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the gdkpixbufjpegimageload function of the JPEG image loader. An attacker can cause application crashes and disrupt service availability by submitting a specially crafted JPEG image that triggers improper...

8.7 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2026/03/31 1:11 p.m. | 3 views

GStreamer: GStreamer: Arbitrary code execution via ASF file processing

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...

7.8 CVSS | 7.9 AI score | 0.00078 EPSS
Exploits: 0 | References: 6
NVD
added 2026/03/31 12:16 p.m. | 2 views

CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

7.5 CVSS | 0.00006 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2026/03/31 11:18 a.m. | 179 views

Exploit for CVE-2014-8361

Vuln Scanner - Advanced Network Security Scanner...

10 CVSS | 7.4 AI score | 0.94436 EPSS
Exploits: 417
EUVD
added 2026/03/31 6:31 a.m. | 0 views

EUVD-2026-17323

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

5 CVSS | 5.9 AI score | 0.00041 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/31 1:48 a.m. | 4 views

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but ha...

5.9 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 5
CNVD
added 2026/03/31 12:0 a.m. | 2 views

Multiple Apple Products Out-of-Bounds Access Vulnerability

Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. An out-of-bounds access vulnerability exists in multiple Apple products, which can be exploited by an attacker to terminate a proce...

6.5 CVSS | 7.9 AI score | 0.0005 EPSS
Exploits: 0
Veeam
added 2026/03/31 12:0 a.m. | 16 views

Guest processing fails for Nutanix AHV, Proxmox VE, Scale Computing HyperCore

Challenge: When running backup or replication jobs for Windows virtual machines hosted on Nutanix AHV, Proxmox VE, or Scale Computing HyperCore with Veeam Backup & Replication 13.0.1 Patch 2, guest processing fails with one of the following errors: Failed to install guest processing components for...

6 AI score
Exploits: 0 | Affected Software: 3
CNNVD
added 2026/03/31 12:0 a.m. | 3 views

WWBN AVideo Authorization Issue Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an authorization vulnerability. This vulnerability stemmed from the lack of permission verification for the overrideStatus parameter in the video processing...

4.3 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29382

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence due to invalid enum values being loaded for icChannelFuncSignature. The issue is...

6.2 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/31 12:0 a.m. | 2 views

PT-2026-29312

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

8.3 CVSS | 5.8 AI score | 0.00268 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/03/31 12:0 a.m. | 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from the GPU heap failing to properly validate the length size of input data, which can be exploited by an attacker...

8.8 CVSS | 6.4 AI score | 0.00079 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/31 12:0 a.m. | 3 views

Zebra Security Vulnerability

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. There is a security vulnerability in Zebra, which stems from vulnerabilities in the transaction processing logic of Zebra. This vulnerability could allow remote, unauthenticated attackers to cause Zebra nodes t...

9.2 CVSS | 5.8 AI score | 0.00153 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/03/31 12:0 a.m. | 4 views

cpp-httplib Environment Issue Vulnerability

cpp-httplib is a C++ library developed by Yhirose, which includes servers and clients for HTTP/HTTPS communication. Versions of cpp-httplib prior to 0.40.0 contained environmental issues. This issue stems from the static file processing mechanism not properly handling the request body, which coul...

6.5 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 1 | References: 1
AlpineLinux
added 2026/03/30 9:42 p.m. | 2 views

CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

6.5 CVSS | 6 AI score | 0.00076 EPSS
Exploits: 0
OSV
added 2026/03/30 9:17 p.m. | 0 views

UBUNTU-CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9 CVSS | 5.7 AI score | 0.00009 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/03/30 6:31 p.m. | 1 views

EUVD-2026-17093

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

5.7 CVSS | 6.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 3
NVD
added 2026/03/30 4:16 p.m. | 1 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

5.7 CVSS | 0.00039 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/30 4:16 p.m. | 1 views

UBUNTU-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

5.7 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/30 3:13 p.m. | 7 views

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1. The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

5.7 CVSS | 6.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 2