Bitsery 安全漏洞

Bitsery is a C++ binary serialization library developed by Mindaugas Vinkelis. Versions of Bitsery 5.2.4 and earlier contained a security vulnerability. This vulnerability stemmed from improper validation of specified input types in the loadFromSharedState function within the...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.95.0-5.hum1 aarch64, x8664 clippy-1.95.0-5.hum1 aarch64, x8664 rust-1.95.0-5.hum1 aarch64, x8664 rust-analyzer-1.95.0-5.hum1 aarch64, x8664 rust-debugger-common-1.95.0-5.hum1 noarch...

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Pathological inputs could cause DoS through consumePhrase when parsing an email address according ...

Double Free

Overview std/net is a Go standard library package std/net Affected versions of this package are vulnerable to Double Free. Go Vulnerability Report: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. Remediation Upgrade...

Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger...

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

core2 is unmaintained, all versions yanked

The maintainer decided stop maintaining crate and yanked all published versions. Potential alternatives: - embedded-io solves the same general problem - no-std-io2 is a maintained fork...

Improper Handling of Case Sensitivity

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity. Go Vulnerability Report: When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly...

CVE-2026-27634 Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters fmindateavailable, fmaxdateavailable, fmindatecreated, fmaxdatecreated in wsstdimagesqlfilter are concatenated directly into SQL without any escaping or type validation. This...

CVE-2026-26072 EVerest has race-condition-induced std::map corruption in OCPP 1.6 evse_soc_map

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...

CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes servers and clients for HTTP/HTTPS protocols. Versions of cpp-httplib prior to 0.37.0 contained security vulnerabilities. These vulnerabilities stemmed from stack overflows that occurred when the std::regex library was used to pars...

PT-2026-4503

Name of the Vulnerable Software and Affected Versions dataSIMS Avionics ARINC 664-1 version 4.5.3 Description The software contains a local buffer overflow that allows attackers to overwrite memory. This is achieved by manipulating the milstd1553result.txt file. An attacker can create a malicious...

EUVD-2025-37053

Malicious code in store-std npm...

Malicious code in store-std (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61d331f4d0ceded686ff7dab5f2329693385f0e0381a8c236d44c9234e24083a The package store-std was found to contain malicious code...

MAL-2025-49240 Malicious code in store-std (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61d331f4d0ceded686ff7dab5f2329693385f0e0381a8c236d44c9234e24083a The package store-std was found to contain malicious code...

EUVD-2020-3463

Malware in sbrugna...

EUVD-2021-1846

Malware in sbrugna...

EUVD-2021-1783

Malware in sbrugna...