
30 matches found

RedhatCVE
added 2026/05/29 8:13 a.m. | 15 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

7.5 CVSS | 5.7 AI score | 0.00365 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/20 12:0 a.m. | 7 views

CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

8.7 CVSS | 5.8 AI score | 0.0051 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/15 7:23 p.m. | 2 views

CVE-2026-26178

Integer size truncation in Windows Advanced Rasterization Platform WARP allows an unauthorized attacker to elevate privileges locally...

8.8 CVSS | 5.8 AI score | 0.00416 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/14 6:30 p.m. | 3 views

EUVD-2026-22418

Integer size truncation in Windows Advanced Rasterization Platform WARP allows an unauthorized attacker to elevate privileges locally...

8.8 CVSS | 5.7 AI score | 0.00416 EPSS
Exploits: 0 | References: 2

Microsoft CVE
added 2026/04/14 2:0 p.m. | 0 views

Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability

Integer size truncation in Windows Advanced Rasterization Platform WARP allows an unauthorized attacker to elevate privileges locally...

8.8 CVSS | 6.2 AI score | 0.00416 EPSS
Exploits: 0

Tenable Nessus
added 2026/03/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a...

6.5 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/05 12:0 a.m. | 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005783 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'le...

5.5 CVSS | 6.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/03 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005448)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005448 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'le...

5.5 CVSS | 6.7 AI score | 0.00167 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-8186

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential buffer overflow issue exists in the i2c_hid_get_report function within the Linux kernel's HID i2c subsystem. The i2c_hid_xfer function reads data into ihid->rawbuf, and the...

7.8 CVSS | 6.7 AI score | 0.00142 EPSS
Exploits: 0

SUSE CVE
added 2025/12/09 12:24 a.m. | 3 views

SUSE CVE-2025-40291

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation. There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...

6.4 AI score | 0.00155 EPSS
Exploits: 0 | References: 3

NVD
added 2025/12/08 1:16 a.m. | 3 views

CVE-2025-40291

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation. There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...

0.00155 EPSS
Exploits: 0 | References: 2

CVE
added 2025/12/08 12:46 a.m. | 11 views

CVE-2025-40291

The CVE-2025-40291 entry concerns the Linux kernel io_uring path, where io_estimate_bvec_size() could truncate the calculated number of segments, risking corruption due to int overflow in regbuf vector size handling. The issue is described as a rough but simple fix and has been addressed in the L...

6.2 AI score | 0.00155 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-18656

Malware in sbrugna...

9.3 CVSS | 7.7 AI score | 0.01231 EPSS
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-18588

Malicious code in bioql PyPI...

7.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 8

Microsoft CVE
added 2025/09/04 12:14 a.m. | 2 views

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

...

9.8 CVSS | 7 AI score | 0.00609 EPSS
Exploits: 0

SUSE CVE
added 2025/06/19 3:14 a.m. | 1 view

SUSE CVE-2025-38065

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems...

7.8 CVSS | 7.9 AI score | 0.00167 EPSS
Exploits: 0 | References: 17

OSV
added 2025/06/18 10:15 a.m. | 2 views

DEBIAN-CVE-2025-38065

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems...

5.5 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

NVD
added 2025/06/18 10:15 a.m. | 3 views

CVE-2025-38065

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems...

5.5 CVSS | 0.00167 EPSS
Exploits: 0 | References: 10

Cvelist
added 2025/06/18 9:33 a.m. | 6 views

CVE-2025-38065 orangefs: Do not truncate file size

In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size. 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems...

0.00167 EPSS
Exploits: 0 | References: 8

CVE
added 2025/06/18 9:33 a.m. | 81 views

CVE-2025-38065

CVE-2025-38065 affects the Linux kernel (orangefs) where a 32-bit truncation occurs because len is stored as size_t from i_size_read(), potentially truncating file sizes to 4 GiB. Exploitation is described as local in the CVE metrics. The vulnerability is addressed by kernel fixes referenced in c...

5.5 CVSS | 6.5 AI score | 0.00167 EPSS
Exploits: 0 | References: 10 | Affected Software: 1