2398 matches found
Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix
A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
CVE-2026-41988
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...
CVE-2026-41988
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the netfs mechanism’s issue during retries when reading abandoned files. This issue may lead to...
EUVD-2026-23944
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption bsc1259950. CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption...
SUSE-SU-2026:1364-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.0. Security issues fixed: - CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption bsc1259950. - CVE-2025-31223: processing maliciously crafted web content may lead to memory corruptio...
poppler: Use-After-Free in StructTreeRoot class
A use-after-free vulnerability has been identified in Poppler’s StructTreeRoot class when processing specially crafted PDF documents. An attacker could exploit this flaw by persuading a user to open a malicious PDF file, or by placing such a file on a share that is later previewed, causing the...
CVE-2026-33815
A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
EUVD-2026-19640
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
PT-2026-30847
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2025-43238
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination...
CVE-2025-43236
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination...