158 matches found
UBUNTU-CVE-2026-56114
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...
Linux Distros Unpatched Vulnerability : CVE-2025-70102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, t...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.6.3 and earlier contain a use-after-free in the VDec::VDec component at /sql/sqltype.cc...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.9 and below contains a segmentation fault through the component sql/itemfunc.cc:148...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB before version 10.6.2 allows an application to crash due to improper handling of a pushdown from a HAVING clause to a WHERE clause...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB v10.7 contains a use-after-poison issue in the interceptormemset function located at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
Astra Linux – Vulnerability in Mariadb 10.3
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.43 and earlier, 8.0.34 and earlier, and 8.1.0 and earlier. This easily exploitable vulnerability allows a high-privilege attacker with network access via multiple protocols to...
EUVD-2026-35496
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update
The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...
CVE-2026-42553
Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...
PT-2026-40315
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...
[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
CVE-2026-40192
Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
CVE-2026-40100
CVE-2026-40100 affects FastGPT prior to version 4.14.10.3. The /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication; the internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP is true (not the default), enabling unauthenticated SSR...
GitLab 12.10 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1092)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause...
CVE-2026-35414
OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...
CVE-2026-35387
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...
DEBIAN-CVE-2026-35385
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...