18766 matches found

RedhatCVE
added 2026/02/02 4:15 p.m., 2 views

CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch, previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6 CVSS, 5.3 AI score
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/02 3:20 p.m., 2 views

CVE-2025-47402

Transient DOS when processing a received frame with an excessively large authentication information element...

6.5 CVSS, 5.3 AI score, 0.00008 EPSS
Exploits: 0, References: 2
EUVD
added 2026/02/02 3:20 p.m., 3 views

EUVD-2025-206610

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

7.8 CVSS, 5.3 AI score, 0.00007 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/02 3:20 p.m., 3 views

CVE-2025-47398

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

7.8 CVSS, 5.3 AI score, 0.00007 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/02 3:20 p.m., 4 views

CVE-2025-47397

Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors...

7.8 CVSS, 5.3 AI score, 0.00007 EPSS
Exploits: 0, References: 2
OSV
added 2026/02/02 8:42 a.m., 4 views

BIT-DISCOURSE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

6.5 CVSS, 5.4 AI score, 0.00104 EPSS
Exploits: 0, References: 2
Packet Storm
added 2026/02/02 12:0 a.m., 123 views

Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

5.3 CVSS, 5.4 AI score, 0.00021 EPSS
Exploits: 1
OpenVAS
added 2026/02/02 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2026-1128)

The remote host is missing an update for the Huawei EulerOS...

5.3 CVSS, 7.6 AI score, 0.00343 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/02/02 12:0 a.m., 3 views

GNOME localsearch security vulnerability

GNOME localsearch is a file search engine developed under the GNOME open-source framework. GNOME localsearch has a security vulnerability, which stems from a buffer overflow issue during the processing of specially crafted MP3 files by the tracker-extract-mp3 module. This vulnerability could lead...

6 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2026/02/02 12:0 a.m., 4 views

AlmaLinux 9 : openssl (ALSA-2026:1473)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1473 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or Deni...

8.8 CVSS, 6.2 AI score, 0.02889 EPSS
Exploits: 7, References: 14
Positive Technologies
added 2026/02/02 12:0 a.m., 5 views

PT-2026-5676

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

7.8 CVSS, 5.3 AI score, 0.00007 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-5678

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A temporary denial of service can occur when processing a received frame containing an excessively large authentication information element. Approximately 1000 devices worldwide may be affected. The...

6.5 CVSS, 5.9 AI score, 0.00008 EPSS
Exploits: 0, References: 5
Snyk
added 2026/02/01 6:39 a.m., 2 views

Arbitrary Code Execution

Overview: pymobiledevice3 is a pure python3 implementation for working with iDevices (iPhone, etc.). Affected versions of this package are vulnerable to Arbitrary Code Execution via the insecure eval function used to process user-supplied input in the CLI. An attacker can execute arbitrary scripts ...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/31 12:0 a.m., 3 views

EulerOS Virtualization 2.10.0 : libarchive (EulerOS-SA-2026-1176)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling...

7.8 CVSS, 6.7 AI score, 0.00117 EPSS
Exploits: 3, References: 6
Tenable Nessus
added 2026/01/31 12:0 a.m., 3 views

EulerOS Virtualization 2.10.1 : libtasn1 (EulerOS-SA-2026-1128)

According to the versions of the libtasn1 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a...

5.3 CVSS, 5.9 AI score, 0.00343 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/01/30 9:23 p.m., 3 views

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...

6.3 CVSS, 5.9 AI score, 0.00139 EPSS
Exploits: 0, References: 1
NVD
added 2026/01/30 9:15 p.m., 1 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS, 0.00178 EPSS
Exploits: 0, References: 1
OSV
added 2026/01/30 9:15 p.m., 0 views

UBUNTU-CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS, 6 AI score, 0.00178 EPSS
Exploits: 0, References: 9
Debian CVE
added 2026/01/30 8:11 p.m., 4 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS, 6 AI score, 0.00178 EPSS
Exploits: 0
CVE
added 2026/01/30 8:11 p.m., 41 views

CVE-2025-24293

CVE-2025-24293 affects Rails with Active Storage using image_processing/mini_magick; unsafe allowed transformation methods enable potential command injection when untrusted input reaches blob.variant, per multiple sources. Impact reported as high/critical (CVSS 4.0 base 9.2). Remediation in vario...

9.2 CVSS, 6.2 AI score, 0.00178 EPSS
Exploits: 0, References: 1