9418 matches found

CNNVD
added 2026/03/18 12:00 a.m., 3 views

Juju Security Vulnerability

Juju is Canonical's open-source application orchestration engine. Versions of Juju from 3.0.0 to 3.6.18 contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization in the secret-set tool, which could allow authorized users to update key contents and read ...

CVSS 8.8, AI score 6.4, EPSS 0.00081
Exploits: 1, References: 1
Tenable Nessus
added 2026/03/18 12:00 a.m., 3 views

RHEL 7 : libpng (RHSA-2026:4756)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4756 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fixes:...

CVSS 8.3, AI score 6.1, EPSS 0.00081
Exploits: 1, References: 4
Positive Technologies
added 2026/03/18 12:00 a.m., 4 views

PT-2026-26057

Name of the Vulnerable Software and Affected Versions: Juju versions 3.0.0 through 3.6.18. Description: Juju’s authorization for the 'secret-set' tool is flawed, allowing a grantee to update secret content. Even when an error is logged during an exploitation attempt, the secret is still updated, and...

CVSS 8.8, AI score 5.8, EPSS 0.00081
Exploits: 1, References: 12
CVE
added 2026/03/17 9:42 p.m., 5 views

CVE-2026-32840

Edimax GS-5008PL firmware ≤ 1.00.54 contains a stored cross-site scripting vulnerability in system_name_set.cgi via the sysName parameter. A crafted POST enables script payloads that execute in administrators’ management pages (including system_data.js). Affected: GS-5008PL devices; impact descri...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/03/17 9:42 p.m., 1 views

CVE-2026-32840

Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored cross-site scripting vulnerability in the system_name_set.cgi script that allows attackers to inject arbitrary script code by manipulating the sysName parameter. Attackers can send a crafted POST request with malicious script...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 4
Github Security Blog
added 2026/03/17 4:17 p.m., 5 views

Denial of Service in pyasn1 via Unbounded Recursion

Summary: The pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This...

CVSS 7.5, AI score 7.1, EPSS 0.00027
Exploits: 1, References: 8, Affected Software: 1
OSV
added 2026/03/17 2:49 p.m., 3 views

OPENSUSE-SU-2026:20378-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize bsc1258020 - CVE-2025-28162: Fixed memory leaks when running pngimage. bsc1257364 - CVE-2025-28164: Fixed memory leaks when running pngimage. bsc1257365...

CVSS 8.3, AI score 6.3, EPSS 0.00081
Exploits: 3, References: 6
RedHat Linux
added 2026/03/17 1:13 p.m., 2 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3, AI score 6.2, EPSS 0.00081
Exploits: 1, References: 7
RedHat Linux
added 2026/03/17 10:17 a.m., 4 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3, AI score 5.9, EPSS 0.00081
Exploits: 1, References: 7
RedHat Linux
added 2026/03/17 9:57 a.m., 2 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3, AI score 5.9, EPSS 0.00081
Exploits: 1, References: 7
RedHat Linux
added 2026/03/17 9:40 a.m., 2 views

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap-based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

CVSS 8.3, AI score 5.9, EPSS 0.00081
Exploits: 1, References: 7
NVD
added 2026/03/17 12:16 a.m., 2 views

CVE-2026-4289

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The explo...

CVSS 7.5, EPSS 0.00042
Exploits: 0, References: 4
CNNVD
added 2026/03/17 12:00 a.m., 3 views

Edimax GS-5008PL Cross-Site Scripting Vulnerability

The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained a cross-site scripting vulnerability. This vulnerability stemmed from the system_name_set.cgi script, which had a stored cross-site scripting flaw...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/17 12:00 a.m., 1 views

RHEL 8 : libpng (RHSA-2026:4731)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4731 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security...

CVSS 8.3, AI score 6.2, EPSS 0.00081
Exploits: 5, References: 8
Tenable Nessus
added 2026/03/17 12:00 a.m., 6 views

EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-1568)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...

CVSS 6.1, AI score 5.9, EPSS 0.00009
Exploits: 0, References: 2
Positive Technologies
added 2026/03/17 12:00 a.m., 4 views

PT-2026-25973

Name of the Vulnerable Software and Affected Versions: pyasn1 versions prior to 0.6.3. Description: The pyasn1 library is susceptible to a Denial of Service (DoS) attack stemming from uncontrolled recursion when decoding ASN.1 data containing deeply nested structures. An attacker can craft a payload...

CVSS 8.2, AI score 7.1, EPSS 0.00032
Exploits: 2, References: 74
Tenable Nessus
added 2026/03/17 12:00 a.m., 3 views

EulerOS Virtualization 2.12.1 : systemd (EulerOS-SA-2026-1466)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

CVSS 4.7, AI score 5.9, EPSS 0.00112
Exploits: 1, References: 2
Snyk
added 2026/03/16 4:22 p.m., 1 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow via the setcookiegeneratecallback function. An attacker can cause a buffer overflow by providing a callback that returns a cookie value greater than 256 bytes. Note: This is only exploitable if the application explicitly...

CVSS 9.8, AI score 6.1, EPSS 0.00027
Exploits: 0, References: 2
EUVD
added 2026/03/16 3:30 p.m., 0 views

EUVD-2026-12371

A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the function sub458754 of the file /goform/setwifi. The manipulation results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about th...

CVSS 6.5, AI score 5.6, EPSS 0.00412
Exploits: 1, References: 5
EUVD
added 2026/03/16 3:30 p.m., 1 views

EUVD-2026-12355

A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The...

CVSS 7.5, AI score 6.6, EPSS 0.00057
Exploits: 0, References: 5