CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

PT-2026-37049

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description Several commands in the Net::IMAP Ruby library accept raw string arguments that are sent to the server without validation or...

PT-2026-34746

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

GHSA-VV3X-J2X5-36JC Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Filament Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the...

Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Filament Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the...

ROS-20260113-7352

A vulnerability in the decryptrawdata function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...

CVE-2025-62705

A flaw was found in OpenBao. The audit log does not properly redact sensitive fields when relevant subsystems return byte response parameters instead of strings. This includes, but is not limited to, sys/raw with use of encoding=base64, causing all data to be emitted unredacted to the audit log,...

OpenBao and Vault Leak []byte Fields in Audit Logs

Impact OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to: - sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log. - Transit, when performing...

EUVD-2017-16598

Malware in sbrugna...

CVE-2025-59731

OpenEXR/FFmpeg CVE-2025-59731 describes a vulnerability in DWAA/DWAB run-length decoding where the rle_raw_size is not checked when calculating output data. The decoder reads rle_raw_size, decompresses into td->rle_raw_data, and may access entries up to (td->xsize-1)*(td->ysize-1) + rle_...

A Distributed Generative AI Approach for Heterogeneous Multi-Domain Environments under Data Sharing Constraints

Federated Learning has gained increasing attention for its ability to enable multiple nodes to collaboratively train machine learning models without sharing their raw data. At the same time, Generative AI -- particularly Generative Adversarial Networks GANs -- have achieved remarkable success...

DALIBO PostgreSQL Anonymizer 安全漏洞

DALIBO PostgreSQL Anonymizer is an extension for masking or replacing personally identifiable information PII or commercially sensitive data in PostgreSQL databases from France DALIBO. A security vulnerability exists in DALIBO PostgreSQL Anonymizer version v2.0 and v2.1, which stems from a...

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

SUSE CVE-2024-46740

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...

CVE-2024-46740

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...

AZL-49422 CVE-2024-46740 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...

DEBIAN-CVE-2024-46740

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...

UBUNTU-CVE-2024-46740

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lac...