PT-2026-32558

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

PT-2026-32559

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

UBUNTU-CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

PT-2026-32528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description ImageMagick is software used for editing and manipulating digital images. The DestroyXMLTree function frees the memory of the XML tree recursively witho...

Amazon Linux 2023 : python3-pyasn1, python3-pyasn1-modules (ALAS2023-2026-1538)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1538 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply...

CVE-2026-29923

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

CVE-2026-29923

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

CVE-2026-29923

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

PT-2026-31701

Name of the Vulnerable Software and Affected Versions EnTech Taiwan PowerStrip versions up to and including 3.90.736 Description The pstrip64.sys driver in EnTech Taiwan PowerStrip allows local users to escalate privileges to SYSTEM via a crafted IOCTL request. This enables unprivileged users to...

CVE-2026-29923

The CVE relates to EnTech Taiwan PowerStrip ≤ 3.90.736 where the pstrip64.sys kernel driver exposes IOCTL 0x80002008 that, without proper checks, maps arbitrary physical memory into an unprivileged process via \Device\PhysicalMemory/ZwMapViewOfSection. This creates an unrestricted physical memory...

go-ipld-prime: DAG-CBOR decoder unbounded memory allocation from CBOR headers

The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preallocation hints for maps and lists. The decoder does not cap these size hints or account for their cost in its allocation budget, allowing small payloads to cause excessive memory allocation. A CBOR map or list header c...

PT-2026-30757

Name of the Vulnerable Software and Affected Versions go-ipld-prime versions prior to 0.22.0 Description go-ipld-prime’s DAG-CBOR decoder does not limit the size of preallocations for maps and lists based on CBOR headers, potentially leading to excessive memory allocation from small payloads...

GHSA-5JG4-P4QW-CGFR @stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags

Summary @stablelib/cbor decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with RangeError: Maximum call stack size exceeded. Details The decoder processes arrays, maps, and...

Fedora 42 : xen (2026-f04da48123)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f04da48123 advisory. update to xen 4.19.5 ---- Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481,...

[SECURITY] Fedora 44 Update: libtasn1-4.21.0-1.fc44

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functi ons...

Fedora 44 : xen (2026-f884fd0313)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f884fd0313 advisory. update to xen 4.21.1 ---- Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481,...

SUSE SLES15 Security Update : xen (SUSE-SU-2026:1092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1092-1 advisory. - CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 Tenable has extracted the preceding description block...