PT-2026-41791

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x Description An integer overflow exists in the memcached text protocol parser of OpenTelemetry eBPF Instrumentation OBI. When parsing memcached storage commands such as set, add,...

Investintech SlimPDF Reader 缓冲区错误漏洞

Investintech SlimPDF Reader is a free PDF reader and viewer provided by the Canadian company Investintech. Versions of Investintech SlimPDF Reader 2.0.13 and earlier contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the sub3B4610 function within the...

SUSE CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVE-2026-45371

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

CVE-2026-42245

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

CVE-2026-8454

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...

Medium: soci-snapshotter

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed

Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...

CVE-2026-45371

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

CVE-2026-45371 SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

CVE-2026-45371 SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

CVE-2026-45371

CVE-2026-45371 (SiYuan) : Before v3.7.0, publish-mode Reader can mutate server state via 8 ungated APIs: POST /api/graph/getGraph, /getLocalGraph, /api/sync/setSyncInterval, /api/storage/updateRecentDocViewTime, /api/storage/updateRecentDocCloseTime, /api/storage/updateRecentDocOpenTime, /api/sto...

CLSA-2026-1777365744 libarchive: Fix of CVE-2026-5121

Fix CVE-2026-5121: heap buffer overflow in ISO9660 reader via invalid pzlog2bs value in Rock Ridge ZF extension...

Medium: amazon-ecr-credential-helper

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a...

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

GHSA-GMMV-4CC5-WR9R SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

Summary SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST...

SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs

Summary SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST...

CVE-2026-39803 HTTP/1 chunked body reader ignores length cap in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...