11990 matches found
DrayTek Vigor - Command Injection
DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...
CVE-2026-55213
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
CVE-2026-55213
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
PT-2026-56921
Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...
CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
EUVD-2026-42044
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
CVE-2026-53877 Heap buffer over-read in GDALRaster
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
PYSEC-2026-1013 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...
PYSEC-2026-1037 TensorFlow vulnerable to segfault in `QuantizedAdd`
Impact If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf Toutput = tf.qint32 x = tf.constant140, shape=1, dtype=tf.quint8 y = tf.constant26, shape=10,...
PT-2026-56196
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...
BIT-ENVOY-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
BIT-ENVOY-2026-47204 Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpcstats filter crashes null pointer dereference / segfault when a Connect protocol request Content-Type: application/connect+proto...
ipv6: sit: reload inner IPv6 header after GSO offloads
...
CVE-2026-53228
A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...
PT-2026-53221
Name of the Vulnerable Software and Affected Versions Delta Electronics DTM Soft affected versions not specified Description The software is susceptible to the deserialization of untrusted data, which can allow an attacker to execute arbitrary code. Real-world exploitation has been observed where...
CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
CVE-2026-47220
The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...
CVE-2026-47205
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...
CVE-2026-47205
CVE-2026-47205 affects Envoy’s ext_authz HTTP filter. From 1.36.0 through 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) occurs when processing per-route authorization overrides concurrently with rapid downstream disconnects. The vulnerable flow creates a transient per-route client and reallo...
CVE-2026-21734
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...