19813 matches found
OESA-2026-2364 OpenEXR security update
OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...
SUSE CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
PT-2026-42829
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The NewNTUnicodeString function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString a 16-bi...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an unchecked string length overflow. This vulnerability may lead to the return of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: numpy (UTSA-2026-016631)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016631 advisory. An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific...
Mantis Bug Tracker 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions 2.11.0 to 2.28.1 of Mantis Bug Tracker contain a cross-site scripting vulnerability. This vulnerability stems from allowing any authenticated user to inject arbitrary HTML through the update accoun...
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
GHSA-24X9-R6Q4-Q93W Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call templatefromstring and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...
CVE-2026-8428
Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...
EUVD-2026-31298
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...
CVE-2026-6474
A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...
CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-7835 Format string argument mismatch
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-7835
Netatalk 3.0.3–4.4.2 are affected by a format string argument mismatch. The issue (CVE-2026-7835) is fixed in 4.5.0. Debates indicate a remote authenticated attacker could cause a minor denial of service via crafted input; CVSS indicates Low impact. Recommended remediation: upgrade to Netatalk 4....
CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-7835
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-7835 Format string argument mismatch
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
USN-8202-3 jq regression
USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...
PT-2026-42430
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.3 through 4.4.2 Description A format string argument mismatch occurs when the software processes input incorrectly. This allows a remote authenticated attacker to cause a minor denial of service by providing crafted input...