4882 matches found
UBUNTU-CVE-2026-53339
In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...
CVE-2026-53339
A flaw was found in the Linux kernel's i2c-qcom-cci driver. This vulnerability occurs when the device unbinding or driver removal process is initiated on systems where only one I2C master is initialized, despite the Qualcomm CCI controller providing two. This can lead to a NULL pointer dereferenc...
EUVD-2026-40443
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
EUVD-2026-40420
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
EUVD-2026-40421
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
CVE-2026-56350
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-50254
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
CVE-2026-35505
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
CVE-2026-56350 n8n - SSO Enforcement Bypass via API
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-50254 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
CVE-2026-50254
CVE-2026-50254 affects the DCMTK toolkit’s storescp component. An unauthenticated remote attacker can repeatedly send a crafted connection request, causing a memory leak that grows quickly in the default single-process mode, ultimately killing the service and requiring an operator to restart it. ...
CVE-2026-35505
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-35505 OFFIS DCMTK Toolkit Missing Release of Memory after Effective Lifetime
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
CVE-2026-35505
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
CVE-2026-27955
Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...
UBUNTU-CVE-2026-53433
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
EUVD-2026-40303
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
CVE-2026-53433
fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...
PT-2026-53993
Name of the Vulnerable Software and Affected Versions storescp affected versions not specified Description An unauthenticated remote attacker can cause a memory leak by repeatedly sending a single crafted connection request. When storescp operates in its default single-process mode, memory...
PT-2026-54039
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.8.0 Description An authentication bypass exists that allows authenticated Single Sign-On SSO users to disable SSO enforcement via the API. This allows attackers to create local password credentials to authenticate...