1015 matches found
HammerSim: A System-Level Tool to Model RowHammer
Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...
Astra Linux – Vulnerability in PostgresSQL 11
Incomplete tracking of tables with row security in PostgreSQL allows a reused query to view or modify different rows than intended. CVE-2023-2455 and CVE-2016-2193 addressed most issues related to interactions between row security and changes to user IDs. However, they did not cover cases where a...
Astra Linux – Vulnerability in libraw
In LibRaw, there is a out-of-bounds read vulnerability within the “simpledecoderow” function libraw\src\x3f\x3futilspatched.cpp, which can be triggered by an image with a large rowstride field...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the getblockrow function in libavfilter/vfbm3d.c. This vulnerability may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.12 contains multiple buffer overflows due to vulnerabilities in the numtilecolumns and numtilerow parameters of the picparameterset::dump function...
Loaded Dice: Solving the Non-Selection Problem for Scalable Probabilistic RowHammer Defense
DRAM scaling has exacerbated the RowHammer vulnerability. To counter this, JEDEC recently introduced Per Row Activation Counting PRAC with the Alert Back-Off protocol as an optional DDR5 feature. While promising, PRAC requires per-row counter cells that incur area overhead, and updating them on...
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...
GHSA-3263-V5V9-XQ8Q Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...
Incorrect Authorization
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Incorrect Authorization through the row action trigger process. An attacker can gain unauthorized access to data and perform actions on database rows outside their permitted scope by supplying a...
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...
PT-2026-41796
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The row action trigger endpoint "POST /api/tables/:sourceId/actions/:actionId/trigger" fails to validate if the user-supplied rowId is within the scope of the view's row filters. This allows a user...
CVE-2026-8454
Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The...
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
CVE-2026-40902
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...
CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...
CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...
CVE-2026-40863
CVE-2026-40863 affects PhpSpreadsheet’s SpreadsheetML XML reader. An attacker can craft an XML with an oversized ss:Index (e.g., 999999999) on a , inflating the internal cachedHighestRow to ~1 billion and causing CPU exhaustion during row iteration. This leads to denial of service when processing...
CVE-2026-40902 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...
CVE-2026-40902 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...
CVE-2026-40902
CVE-2026-40902 affects PhpSpreadsheet’s XLSX reader. The vulnerability arises when ColumnAndRowAttributes::readRowAttributes() reads the row index (r attribute) from XML without validating against the maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a tiny XLSX file co...