SUSE-SU-2026:1477-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...

EUVD-2026-23786

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

curl: Stack exhaustion in MIME multipart reading with deeply nested subparts

Summary: The MIME read path uses mutually recursive helpers for nested multipart structures without enforcing a recursion depth limit. A sufficiently deep tree of nested curlmimesubparts objects causes stack exhaustion when libcurl starts reading the MIME body. The attached PoC builds a deeply...

CVE-2026-6643

ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...

CVE-2026-6643

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

CVE-2026-6643 A stack-based buffer overflow vulnerability in the VPN Clients on the ADM

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

EUVD-2026-23747

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device...

CVE-2026-26399

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-26399

Summary of CVE-2026-26399 (Arduino_Core_STM32) : A stack-use-after-return vulnerability exists in the Arduino Core STM32 library for versions prior to 1.7.0. The function pwm_start() allocates a TIM_HandleTypeDef on the stack and passes its address to HAL initialization routines, which store a re...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.6 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.20 a...

PT-2026-33693

Name of the Vulnerable Software and Affected Versions SD-330AC affected versions not specified AMC Manager affected versions not specified Description SD-330AC and AMC Manager contain a stack-based buffer overflow in the redirect handler. This issue occurs during the processing of redirect URLs,...

PT-2026-33853

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management of...

Arduino 安全漏洞

Arduino is a microcontroller board developed by the Arduino project. Versions of Arduino prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to a stack reuse issue in the pwmstart function, which could lead to memory corruption...

PT-2026-33722

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

CVE-2026-26399

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

RLSA-2026:8471 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

April 19, 2026—KB5091571 (OS Build 25398.2276) Out-of-band

April 19, 2026—KB5091571 OS Build 25398.2276 Out-of-band Summary This out-of-band update for Windows Server, version 23H2 KB5091571 is cumulative. It includes fixes and improvements that are part of the following update: April 14, 2026—KB5082060 OS Build 25398.2274 The following is a summary of t...

PT-2026-33646

5/8 Action 4: Apply Critical Patches 24-Hour Priority • Okta Identity Cloud CVE-2026-51287: Critical authentication bypass actively exploited April 18–19, 2026; affects workforce and customer identity flows. Patch all tenants per CISA directive issued April 19. • Elastic Stack Elasticsearch +...