
10983 matches found

Cvelist
added 2026/04/27 5:50 a.m. | 30 views

CVE-2026-42371

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...

5.1 CVSS | 0.00172 EPSS
Exploits 0 | References 2
Snyk
added 2026/04/27 5:50 a.m. | 3 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the text range comparison process when handling extremely long Uniform Resource Identifiers. An attacker can cause the application to become unavailable by supplying a malformed, excessively long URI...

5.9 CVSS | 5.3 AI score | 0.00172 EPSS
Exploits 0 | References 2
Debian CVE
added 2026/04/27 5:50 a.m. | 1 view

CVE-2026-42371

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...

5.1 CVSS | 5.2 AI score | 0.00172 EPSS
Exploits 0
AlpineLinux
added 2026/04/27 5:50 a.m. | 4 views

CVE-2026-42371

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...

5.1 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits 0
vulnersOsv
added 2026/04/27 12:0 a.m. | 3 views

org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...

8.6 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 0
vulnersOsv
added 2026/04/27 12:0 a.m. | 3 views

io.github.vishalmysore:easyQServer (>=0.2.8.11.1 <=0.2.8.12.3), org.springframework.ai:spring-ai-mongodb-atlas-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +1 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-mongodb-atlas-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-mongodb-atlas-store MAVEN version =1.0.0-M5, =0.2.8.11.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321392...

8.6 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 0
CNNVD
added 2026/04/27 12:0 a.m. | 7 views

Apache Camel security vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

8.2 CVSS | 5.8 AI score | 0.00455 EPSS
Exploits 0 | References 1
CNNVD
added 2026/04/27 12:0 a.m. | 6 views

Apache Storm Prometheus Reporter trust management issue vulnerability

Apache Storm Prometheus Reporter is a monitoring component developed by the Apache Foundation that converts metrics from distributed stream processing systems into Prometheus format. Versions 2.6.3 to 2.8.6 of Apache Storm Prometheus Reporter contain vulnerabilities related to trust management...

4.8 CVSS | 5.8 AI score | 0.00193 EPSS
Exploits 0 | References 1
CNNVD
added 2026/04/27 12:0 a.m. | 5 views

Uriparser security vulnerability

UriParser is a C89-compatible library for parsing and processing URIs, strictly conforming to RFC 3986 standards. Versions of UriParser prior to 1.0.1 contained security vulnerabilities, which were caused by numerical truncation during text range comparisons...

5.1 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/04/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-42043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request c...

10 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 1 | References 4
CNNVD
added 2026/04/27 12:0 a.m. | 6 views

ProjeQtOr security vulnerability

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain security vulnerabilities. These vulnerabilities stem from a lack of authorization verification at the objectDetail.php endpoint, which may lead to the retrieval of...

7.1 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/04/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal always writes EVP_MD_CTX_size(ctx) to the ou...

9.8 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/04/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, s...

7.5 CVSS | 5.8 AI score | 0.00413 EPSS
Exploits 1 | References 4
Positive Technologies
added 2026/04/27 12:0 a.m. | 4 views

PT-2026-35358

Name of the Vulnerable Software and Affected Versions: uriparser versions prior to 1.0.1. Description: Numeric truncation occurs during text range comparison when an application accepts URIs with a length in gigabytes. This issue is characterized as an integer overflow, which happens when a numeric...

9.8 CVSS | 5.8 AI score | 0.00261 EPSS
Exploits 0 | References 41
Microsoft CVE
added 2026/04/26 8:8 a.m. | 2 views

netfilter: xt_multiport: validate range encoding in checkentry

...

5.5 CVSS | 5.8 AI score | 0.00115 EPSS
Exploits 0
OSV
added 2026/04/26 3:15 a.m. | 2 views

DEBIAN-CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4 CVSS | 5.2 AI score | 0.00162 EPSS
Exploits 0 | References 1
UbuntuCve
added 2026/04/26 3:15 a.m. | 3 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits 0 | References 3
Cvelist
added 2026/04/26 2:38 a.m. | 31 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4 CVSS | 0.00162 EPSS
Exploits 0 | References 1
SUSE CVE
added 2026/04/26 1:52 a.m. | 8 views

SUSE CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

4.4 CVSS | 5.4 AI score | 0.00115 EPSS
Exploits 0 | References 17
vulnersOsv
added 2026/04/25 4:11 p.m. | 6 views

0xble (>=14.0.0 <=21.9.1), 100xchat (>=1.1.5 <=1.3.5) +4340 more potentially affected by CVE-2026-8657 via jsondiffpatch (>=0.0.11 <=0.7.3)

jsondiffpatch NPM version =0.0.11, =14.0.0, =1.1.5, =1.0.0, =1.0.0, =1.0.4, =0.10.6, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.1, =0.1.0-alpha.1, =0.1.0, =0.3.1, =0.5.10, =1.2.4 and more Source cves: CVE-2026-8657 Source advisory: SNYK:JS-JSONDIFFPATCH-1632299...

8.8 CVSS | 5.4 AI score | 0.0037 EPSS
Exploits 0