CVE-2026-34459 Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid1: The issue of stack memory usage after a return in the raid1reshape function has been fixed. In the raid1reshape function, the newpool is allocated on the stack and assigned to conf-r1biopool. This causes...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak The function dwc3qcomprobe allocates memory for the resource structure pointed by the parentres pointer. This memory is not freed, leading to a memory leak. Using stack memory can preven...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Fixed a potential stack-out-of-bounds write in ath9kwmirspcallback. This bug involves a write operation that occurs in a WMI response callback function, which is called after a timeout occurs in ath9kwmicmd. The writ...

CVE-2026-31768

A flaw was found in the Linux kernel, specifically within the ti-adc161s626 Analog-to-Digital Converter ADC driver. This vulnerability arises from the use of non-Direct Memory Access DMA-safe stack memory for Serial Peripheral Interface SPI read operations. An attacker with local access could...

PT-2026-36426

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel eBPF verifier where the backtrack insn function fails to correctly handle atomic fetch operations. When encountering a BPF STX instruction with BPF...

CVE-2026-1949

Delta Electronics AS320T is affected by CVE-2026-1949 due to an incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. The available reports identify the host device and the vulnerable component as the AS320T web service handling GET/PUT requests,...

EUVD-2026-23950

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

CVE-2026-0930

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

CVE-2026-0930

CVE-2026-0930 affects wolfSSHd on Windows and describes a potential read-out-of-bounds in the handling of a terminal resize. An authenticated user could trigger the out-of-bounds read after establishing a connection, leaking adjacent stack memory to the pseudo-console output. Public sources (NVD;...

CVE-2026-0930 Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

PT-2026-33853

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007587 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a...

PT-2026-32436

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVE-2026-40200

A flaw was found in musl libc. This stack-based memory corruption vulnerability occurs when the qsort function processes extremely large arrays due to incorrectly implemented double-word primitives. A local attacker could exploit this by providing a specially crafted, very large array, potentiall...

DEBIAN-CVE-2026-40200

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms o...

CVE-2026-40200

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms o...

musl libc 安全漏洞

musl libc is an open-source C language standard library developed by musl. It is primarily used in embedded systems and mobile devices. Versions of musl libc from 0.7.10 to 1.2.6 contain security vulnerabilities. These vulnerabilities arise due to incorrect implementation of double-word primitive...

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

PT-2026-30994

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...