19813 matches found
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrect string termination in AppArmor, potentially leading to a buffer overflow...
CVE-2026-38426
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv10scripter.ino, fetchjpg, jpgtask.boundary40, strcpy function...
PT-2026-44058
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.4 Description The buildMatcherRegex and matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, whi...
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...
CVE-2026-46055
apparmor: Fix string overrun due to missing termination...
CVE-2026-44451
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451 Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
EUVD-2026-31979
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451 Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
CVE-2026-44451
Lumiverse prior to version 0.9.7 has a sandbox escape vulnerability in its component override system. The system transpiles user TSX with Sucrase and evaluates it via new Function, shadowing dangerous globals (fetch, window, eval, etc.). A static validator blocks identifiers, but a string-split b...
DEBIAN-CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
Malicious code in unique-id-64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...
Important: Red Hat Security Advisory: ruby4.0 security update
An update for ruby4.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection
A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...
Important: openexr
Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in...
Important: ruby:4.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...
CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
MAL-2026-4408 Malicious code in @nolimit-x/win32-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 343787b335da015be56f49d118534c54bf81abab9e53b40bec0114d23bcc95c7 Package ships a single 8.1 MB Windows PE nolimit-core.exe as its main entry with only the description 'nolimit-x native binary for Windows x64' — no...