28 matches found
CVE-2026-8213
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...
SUSE CVE-2026-8088
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...
PT-2026-39424
Name of the Vulnerable Software and Affected Versions: OSGeo gdal versions prior to 3.13.0RC1 Description: A heap-based buffer overflow exists in the SWSDfldsrch function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue can be triggered through local access by executing a manipulation...
Linux Distros Unpatched Vulnerability : CVE-2026-8088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executi...
CVE-2026-8088
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...
UBUNTU-CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...
Astra Linux - vulnerability in linux
A vulnerability was discovered in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003908)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003908 advisory. A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disab...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004035)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004035 advisory. A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description block...
Form.io Information Disclosure Vulnerability
Form.io is a combined forms and API platform for serverless applications from US-based Form.io. An information disclosure vulnerability exists in Form.io versions prior to 3.5.6 and 4.0.0-rc.1 through 4.4.2, which stems from a flaw in path handling that could lead an attacker to access a protecte...
CVE-2025-67495 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the postlogoutredirect GET parameter. As a result, unauthenticate...
EUVD-2025-199988
Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...
Important: Red Hat Bug Fix Advisory: .NET 10.0 bug fix and enhancement update
An update for .NET 10.0 is now available for Red Hat Enterprise Linux 9. Please update Bug Fixes and Enhancements: Update .NET 10 to RC 1 rhel-9.7.z JIRA:RHEL-114572 Update .NET 10 to RC 2 rhel-9.7.z JIRA:RHEL-121559 dotnet10.0: .NET Denial of Service Vulnerability rhel-9.7.z JIRA:RHEL-120623...
Improper Validation of Syntactic Correctness of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the torch.Tensor.random function when a model is compiled with Inductor. An attacker can cause the application to crash or become unresponsive by triggering a syntax error...
CVE-2025-39734
CVE-2025-39734 affects the Linux kernel component fs/ntfs3 in the NTFS file-system path. The issue stems from a revert of the inode_trylock versus inode_lock handling (commit 69505fe98f198ee813898cbcaf6770949636430b). The description notes that previously conditional lock acquisition was removed ...
PT-2025-33558
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists between the spsc queue push function and the run-job worker, potentially causing job scheduling to halt and leading to hangs while waiting on DMA fences. This...
CVE-2024-24015
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...
org.sonarsource.sonarqube:sonar-application (>=6.2 <=7.0-RC1) potentially affected by CVE-2024-38460 via org.sonarsource.sonarqube:sonar-web (>=6.2 <=7.0-RC1)
org.sonarsource.sonarqube:sonar-web MAVEN version =6.2, =6.2, =7.0-RC1 Source cves: CVE-2024-38460 Source advisory: OSV:GHSA-HW2C-8XGW-MF57...
Novel-Plus SQL Injection Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from a SQL injection vulnerability in the path /common/dict/list...
SUSE CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...