CVE-2026-23123

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

CVE-2026-23123

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

CVE-2026-23123 interconnect: debugfs: initialize src_node and dst_node to empty strings

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

CVE-2026-23123 interconnect: debugfs: initialize src_node and dst_node to empty strings

In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize srcnode and dstnode to empty strings The debugfscreatestr API assumes that the string pointer is either NULL or points to valid kmalloc memory. Leaving the pointer uninitialized can cause problem...

CVE-2026-23123

The CVE-2026-23123 issue affects the Linux kernel (interconnect: debugfs) where the src_node and dst_node pointers could be read or written unsafely due to not being initialized. The fix initializes src_node and dst_node to empty strings before creating debugfs entries to ensure reads/writes are ...

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

EUVD-2026-5920

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

PT-2026-8018

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

Alibaba Cloud Linux 3 : 0038: git-lfs (ALINUX3-SA-2026:0038)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0038 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61729: Within HostnameError.Error, when...

Inspektor Gadget 安全漏洞

Inspektor Gadget is a set of tools and frameworks developed by Inspektor Gadget Inc. based on eBPF. Inspektor Gadget has a security vulnerability that arises from the string fields generated by eBPF events in list output mode. These strings are rendered onto the terminal without clearing control...

PT-2026-7900

Name of the Vulnerable Software and Affected Versions Inspektor Gadget affected versions not specified Description Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed...

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

CVE-2025-12699

The CVE-2025-12699 entry concerns the ZOLL ePCR iOS Mobile Application. The issue arises when unsanitized user input inserted into a WebView (PCR fields: run number, incident, call sign, notes) is interpreted as HTML/JS. In the provided POC, injected scripts could read local files from the app’s ...

CVE-2026-2103

Infor SyteLine ERP is affected by CVE-2026-2103 due to hard-coded static cryptographic keys used to encrypt stored credentials (passwords, DB connection strings, API keys). The keys are identical across all installations, enabling an attacker with access to the application binary and database to ...

CVE-2025-68119

A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial hg installed, this can occur when downloading modules from...

Google Go Code Execution Vulnerability (CNVD-2026-10650)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

CVE-2020-37085

CVE-2020-37085 affects VirtualTablet Server 3.0.2. It describes a denial-of-service condition: sending oversized string payloads via the Thrift protocol, specifically by a long string to the send_say() method, causes the server to become unresponsive. The provided sources do not include a remedia...

SunnySideSoft VirtualTablet Server 安全漏洞

SunnySideSoft VirtualTablet Server is a drawing board software developed by SunnySideSoft Corporation. Version 3.0.2 of SunnySideSoft VirtualTablet Server contains a security vulnerability. This vulnerability arises from a denial-of-service vulnerability in the sendsay method when sendinglong...

PT-2026-5835

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send say method, causing the server to become...

OSV-2026-176 Container-overflow in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479922666 Crash type: Container-overflow READ Crash state: std::1::vector, std:: void std::1::vector, fillcommonheader...