3355 matches found
UBUNTU-CVE-2026-23252
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...
CVE-2026-23252 xfs: get rid of the xchk_xfile_*_descr calls
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...
CVE-2026-23252
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...
CVE-2026-23252 xfs: get rid of the xchk_xfile_*_descr calls
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...
CVE-2026-32609
Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...
Malicious code in transform-json-strings (npm)
The package 'transform-json-strings' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1569 Malicious code in transform-json-strings (npm)
The package 'transform-json-strings' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
EUVD-2025-208653
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2025-14811 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
IBM Sterling Partner Engagement Manager 安全漏洞
IBM Sterling Partner Engagement Manager is an automated management tool provided by IBM Corporation. Versions of IBM Sterling Partner Engagement Manager prior to 6.2.3.5 and 6.2.4.2 contain security vulnerabilities. These vulnerabilities stem from the possibility that attackers could extract...
EUVD-2026-11385
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form...
Stack-based Buffer Overflow
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Stack-based Buffer Overflow
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Stack-based Buffer Overflow
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Stack-based Buffer Overflow
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in ParseKernelArray in morphology.c. An attacker can cause memory corruption by supplying malicious kernel strings. Remediation A fix was pushed into the master branch but not yet published. References - GitH...
GHSA-932H-JW47-73JM ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption...
ImageMagick vulnerable to stack corruption through long morphology kernel names or arrays
A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption...
`Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants
Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...
SUSE CVE-2026-28494
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-siz...