7053 matches found
CVE-2026-12891
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-55450
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...
CVE-2026-55450
Langflow prior to 1.9.1 allows unauthenticated uploads via the /upload/{flow_id} endpoint, enabling unlimited data transfer, which can cause server disk-space exhaustion (DoS). The response also leaks the absolute path of the uploaded file, an information leak that could aid further attacks. The ...
CVE-2026-55450 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...
CVE-2026-48500
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...
kernel: RDMA/rxe: Fix double free in rxe_srq_from_init
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...
EUVD-2016-10902
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. A vulnerability exists in the functions snifffeedorhtml and skipinsignificantspace, which may lead to an over-reading of the heap buffer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Do not cause overflow in the peek function. When we started assigning new inode numbers to most of the 64-bit inode space, it triggered some edge-case bugs, particularly some integer overflows related to...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the use of VAS memory after freeing it. The reference count on the memory module is lowered before the coprocessor is detached...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Improved the bounds checking in decodemessage by copying the bounds checking from encodemessage to decodemessage. This patch addresses the following issues: - Ensure that there is enough space for at least one...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Skipping the “reserved bytes” warning after unmounting after a log cleanup failure. After the recent changes made by commit c2e39305299f01 “btrfs: clearing the extent buffer when writing fails” and its follow-up fix,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: perf: Improved missing SIGTRAP checks To detect missing SIGTRAP checks, we use a WARN in perfeventoverflow. This warning is triggered if pendingsigtrap was already set; returning to user space without consuming pendingsigtrap, an...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: Fixed an error in counting reservedcblocks when there is no space available. When a file requires only one directnode, performing the following operations will result in the file being unrecoverable: bash unisoc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an assertion issue when building the free space tree. When building the free space tree with the block group tree feature enabled, an assertion failure may occur like this: BTRFS info device loop0 state M: rebuilding...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/pmu: Disabled support for adaptive PEBS. Support for virtualizing adaptive PEBS has been discontinued. This is because KVM’s implementation is architecturally broken without an obvious or easy way to address this issu...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a leak of kobject names for the sub-group spaceinfo. When the createspaceinfosubgroup function allocates elements of spaceinfo-subgroup, the kobjectinitandadd function is called for each element via...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed the issue with sample generation versus doexit. Baisheng Gao reported a crash in ARM64 mode. Mark interpreted this as a synchronous external abort—most likely due to attempting to access MMIO in a faulty way. The...
Astra Linux – Vulnerability in exiv2
In Exiv2, from version 0.27.1 onwards, a malicious HTTP server can cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a hang that occurred during unmount when stopping a space reclaim worker Often, when running the generic/562 test from fstests, a hang may occur during unmount, resulting in a log message like this: Sep 07 11:52:0...