archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

Important: php8.2

Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...

RHEL 8 : dnsmasq (RHSA-2026:20589)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20589 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

HP LaserJet Printers Path Traversal (CVE-2012-5221)

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and...

Check Point Multi-Domain Management 安全漏洞

Check Point Multi-Domain Management is a centralized security management platform provided by Check Point Israel. Check Point Multi-Domain Management has a security vulnerability. This vulnerability arises from the fact that when compliance is enabled in the multi-domain management system, verifi...

Oban Web 安全漏洞

Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...

PT-2026-47103

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability...

Important: php8.5

Issue Overview: uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer difference truncation to int in various places. CVE-2026-44927 In uriparser before 1.0.2, t...

CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...

ALSA-2026:20589 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE CVE-2026-23401 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriti...

CVE-2026-42154

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

CVE-2026-9500

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read2004compressedsection of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The explo...

CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

CVE-2026-9504

GNU LibreDWG (up to 0.14) is affected in the Dwggrep Utility, specifically the bit_convert_TU function in programs/dwggrep.c, which can trigger an out-of-bounds read. The issue requires local access to exploit and the public exploit is available. A patch be996bf2178a40e98720f18c2414815d244413db i...

CVE-2026-9500 GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read2004compressedsection of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The explo...

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CosmicSting CVE-2024-34102 Exploit Suite Complete exploit s...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in JexlContextBuilder. An administrator user with entitlements for Derived Schemas and User read can access other users' passwordHistory, securityAnswer, token, tokenExpireTime, and cipherAlgorithm values via...