CLSA-2026-1771857969 Fix CVE(s): CVE-2025-14087, CVE-2025-14512

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-1408714512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX - CVE-2025-14087 SECURITY UPDATE: Integer overflow in escapebytestring leads to...

CLSA-2026-1771857684 Fix CVE(s): CVE-2025-14087, CVE-2025-14512

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-1408714512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX - CVE-2025-14087 SECURITY UPDATE: Integer overflow in escapebytestring leads to...

CLSA-2026-1771857296 Fix CVE(s): CVE-2025-14087

SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-14087.patch: Fix integer overflows in GVariant text format parser when processing input longer than INTMAX, and fix integer overflow in escapebytestring for byte strings with many invalid...

CVE-2026-2935

The CVE reports a buffer overflow in UTT HiPER 810G (up to version 1.7.7-171114) in the strcpy usage of /goform/ConfigExceptMSN when remark is manipulated. Impact is described as remote execution with high severity (ATT&CK not specified in the documents); exploit publicly available and possible f...

PT-2026-21405

Name of the Vulnerable Software and Affected Versions UTT HiPER 810G version 1.7.7-171114 Description A buffer overflow issue exists in the strcpy function within the /goform/ConfigExceptAli file of UTT HiPER 810G version 1.7.7-171114. The strcpy function lacks bounds checking, allowing malicious...

CLSA-2026-1771512005 glib2: Fix of 2 CVEs

CVE-2025-14087: fix heap corruption in GLib GVariant parser by preventing integer overflows and unsafe buffer size calculations - CVE-2025-14512: fix integer overflow in escapebytestring for byte strings with many invalid characters...

CVE-2026-2704

A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the...

CVE-2026-2704

A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the...

VulnCheck KEV: CVE-2026-25253

OpenClaw aka clawdbot or Moltbot before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value...

PT-2026-20850

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.2.0 Description jsPDF is a JavaScript library used to generate PDF documents. A flaw exists where user-controlled input to the addJS method allows an attacker to inject arbitrary PDF objects into generated documents. ...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

PT-2026-20416

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str less::operator of the file include/chaiscript/chaiscript defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

CLSA-2026-1771329952 Fix CVE(s): CVE-2025-13601

SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2025-13601.patch: Fix heap-based buffer overflow by correcting buffer size calculation in gescapeuristring - CVE-2025-13601...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

PT-2026-20266

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An information exposure issue exists in Datart version 1.0.0-rc.3. Authenticated attackers can potentially access sensitive data through a custom H2 JDBC connection string. The issue involves the potential...

Updated dcmtk packages fix security vulnerabilities

OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption. CVE-2025-14607 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference. CVE-2025-14841...

Advisory ROSA-SA-2026-3153

Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.1 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv31 affected versions libtomcrypt-1.18.2-5.0.1.1.rv31 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...