509 matches found
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the MakeTable in the decompression routine when bit-length values from a crafted firmware blob exceed the expected range, leading to stack memory corruption in the Count array and related decode tables. An...
DEBIAN-CVE-2026-34544
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...
OESA-2026-1762 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1...
CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...
CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...
CVE-2026-22321
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
GHSA-P8MM-644P-PHMH PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
Summary PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a needle derived from the profile path. In v0.8.4, that string interpolation escapes...
CVE-2026-4488
The CVE-2026-4488 entry concerns UTT HiPER 1250GW (up to 3.2.7-210907-180535). The vulnerability is in the strcpy usage within the file /goform/setSysAdm, where manipulation of the GroupName argument leads to a buffer overflow. This allows a remote attacker to potentially exploit the flaw, and pu...
SUSE CVE-2025-71270
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable exception fixup for specific ADE subcode This patch allows the LoongArch BPF JIT to handle recoverable memory access errors generated by BPFPROBEMEM instructions. When a BPF program performs memory access...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the analyzestring function of the infocmp -i routine. An attacker can execute unauthorized code, cause denial of service, corrupt data, or access sensitive information by supplying specially crafted input ...
EUVD-2026-12790
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
CVE-2026-27838
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
CVE-2026-25085
Copeland XWEB Pro prior to 1.12.1 is affected by an authentication bypass. The issue stems from the authentication routine returning an unexpected value that is later treated as legitimate, bypassing authentication controls. Affected software is Copeland XWEB Pro (version 1.12.1 and earlier). The...
CVE-2026-25085
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass...
CVE-2026-27838
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
GHSA-42CR-W2GR-M54Q wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...
EUVD-2026-8906
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data...
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...
CVE-2026-27838 wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
CVE-2026-27838 wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...