557 matches found
OPENSUSE-SU-2026:21180-1 Security update for mupdf
This update for mupdf fixes the following issues: Changes in mupdf: - Build and ship MuPDF as a shared library make shared=yes instead of static-only: New subpackage libmupdf272 carries libmupdf.so.27.2 the SONAME tracks the upstream minor.patch version. Replaced the static-only mupdf-devel-stati...
DEBIAN-CVE-2026-58302
rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
OPENSUSE-SU-2026:21062-1 Security update for capnproto
This update for capnproto fixes the following issues: Update to version 1.4.0. Security issues fixed: - CVE-2026-32239: negative Content-Length conversion treated as impossibly large length by KJ-HTTP can lead to HTTP smuggling bsc1259638. - CVE-2026-32240: integer overflow when KJ-HTTP...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-38641
An issue in the DSO::mmapandcopy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...
CVE-2026-46529
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-22165
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...
PT-2026-36497
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A web page containing unusual WebGPU content loaded into the GPU GLES render process can trigger a write Use-After-Free UAF crash in the GPU GLES user-space shar...
CVE-2026-40342
A flaw was found in Firebird, an open-source relational database management system. An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in the external engine plugin loader. This allows an attacker to use a crafted engine name to load an arbitrary shar...
CVE-2026-40342
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...
CVE-2026-40342
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...
CVE-2026-40342
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...
@agent-analytics/paperclip-live-analytics-plugin (>=0.1.1 <=0.1.11), @clawjedi/paperclip-plugin-chat (>=1.0.0 <=1.0.4) +16 more potentially affected by unknown CVE via @paperclipai/shared (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/shared NPM version =2026.318.0-canary.0, =0.1.1, =1.0.0, =0.0.1, =0.3.3, =0.1.0, =0.1.9, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.407.0-canary.5, =2026.3.17-canary.0, =2026.3.17-canary.2, =0.1.0, =2026.324.0-canary.0, =2026.325.0-canary.3 - corporateai =2026.328.0-canary.0 -...
@agent-analytics/paperclip-live-analytics-plugin (>=0.1.1 <=0.1.11), @bbengamin/paperclip-mcp-server (=0.1.0) +21 more potentially affected by unknown CVE via @paperclipai/shared (>=0.2.2 <=2026.416.0-canary.1)
@paperclipai/shared NPM version =0.2.2, =0.1.1, =1.0.0, =0.0.1, =0.3.1, =0.1.45, =0.1.0, =0.1.9, =2026.3.17-canary.0, =0.2.2, =0.1.0, =2026.3.17-canary.0, =0.2.2, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3PW3-V88X-XJ24...
[SECURITY] Fedora 44 Update: libpasraw-1.3.0-22.fc44
Provides shared library to interface Pascal program with libraw...
CVE-2026-40031 MemProcFS < 5.17 DLL/Shared Library Hijacking
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...
HDF5 Plugin 2.17.0 Path Audit
This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Zclass2t structure and registration functions H5PLgetplugintype,...
CVE-2021-28249
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...
CVE-2025-8404
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system...