CLSA-2026-1777445825 ncurses: Fix of CVE-2025-69720

CVE-2025-69720: add a limit-check in infocmp -i option's analyzestring function to prevent stack-based buffer overflow from upstream ncurses 6.5 patchlevel 20251213...

CLSA-2026-1777444043 ruby: Fix of 2 CVEs

CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...

PT-2026-35968

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse uname string remoted op.c. This function processes OS identification data from agents a...

PT-2026-35923

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.8.0 to 4.14.4 contained security vulnerabilities. These...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.4 contained security vulnerabilities. These...

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

USN-8202-2 jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

USN-8202-2: jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

Exploit for Stack-based Buffer Overflow in Asustor Data_Master

CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...

TOTOLINK N300RT 缓冲区错误漏洞

TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The TOTOLINK N300RT version 3.4.0-B20250430 contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the iscmdstringvalid function of the libapmib.so component,...

CVE-2026-7179 OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...

CLSA-2026-1777322146 jq: Fix of CVE-2026-32316

CVE-2026-32316: fix heap buffer overflow in jvpstringappend and jvpstringcopyreplacebad caused by uint32t overflow in size calculations for strings exceeding INTMAX bytes...

JLSEC-2026-225 Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

JLSEC-2026-234 Vulnerable OpenSSL included in cryptography wheels

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

JLSEC-2026-276 Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads...

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

CLSA-2026-1777279920 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

CVE-2026-3008

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...