CVE-2026-6665 PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

EUVD-2026-28877

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

PT-2026-39227

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description The SCRAM code fails to correctly check the return value of the strlcat function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCR...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: unixODBC (UTSA-2026-017328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017328 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed o...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-017383)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017383 advisory. In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element. Tenable has extracted the...

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Versions of PgBouncer prior to 1.25.2 contained security vulnerabilities. These vulnerabilities stemmed from incorrect checks on the return value of strlcat during the construction of SCR...

Linux Distros Unpatched Vulnerability : CVE-2026-6665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016787 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular referenc...

CLSA-2026-1778266904 kernel: Fix of 188 CVEs

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - clk: Fix clkhwgetclk when dev is NULL CVE-2022-49187 - x86/sgx: Add overflow check in sgxvalidateoffsetlength CVE-2022-49785 - ext4: init quota for 'old.inode' in...

CVE-2026-43380

A flaw was found in the Linux kernel's hwmon subsystem, specifically within the pmbus/q54sj108a2 driver. This vulnerability, a stack buffer overflow, occurs in the q54sj108a2debugfsread function due to incorrect arguments passed to the bin2hex function. This flaw allows data to be written past th...

EUVD-2026-28786

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the minmeascan function. An attacker can execute arbitrary code or cause a denial of service by supplying specially crafted NMEA input that leads to copying data into a buffer without proper size...

Exploit for Stack-based Buffer Overflow in Dronecode Px4_Drone_Autopilot

CVE-2026-32743 - PX4 Autopilot MavlinkLogHandler Stack Buffer...

CVE-2026-29974

An issue was discovered in kosma minmea 0.3.0. The minmeascan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmeascan on untrusted input are vulnerable to a stack buffer overflow...

CVE-2026-29972

nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recvreadregistersres in nanomodbus.c. When a client calls nmbsreadholdingregisters or nmbsreadinputregisters, the library writes register data from the server response to the caller-provided buffer based on the response's bytecount...

EUVD-2026-28738

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhcidisableslot xhcialloccommand allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhcidisableslot only...

EUVD-2026-28722

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

EUVD-2026-28686

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

CVE-2026-43453

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...