6267 matches found
CVE-2025-51677
The CVE-2025-51677 entry describes an issue in openRISC OR1200, specifically commit 83ac6b. The root cause is an output mismatch between the RTL and the netlist for the or1200 CPU output port, which can cause unexpected behavior in affected designs. The connected sources (NVD/CVE records) confirm...
CVE-2026-13030
An uninitialized use flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=522840723...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
CVE-2026-24271
NVIDIA TensorRT-LLM’s OpenAI-compatible inference API (CVE-2026-24271) is vulnerable to unthrottled GPU resource allocation, potentially causing denial of service. The affected product is NVIDIA TensorRT-LLM; the issue stems from uncontrolled resource allocation within the inference API. The secu...
CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
CVE-2026-51540
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
CVE-2026-51540
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
CVE-2026-7639
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...
CVE-2026-41154
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...
CVE-2026-45203
The CVE-2026-45203 entry concerns a TOCTOU issue in GPU DDK software used inside a Host VM. CVE records attribute a vulnerability in the rgxfw_hwperf_ufo() path where the command size is re-read after initial validation, enabling improper commands to reach GPU firmware and potentially trigger a m...
EUVD-2026-43039
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...
CVE-2026-45196
CVE-2026-45196 involves GPU DDK components (rgxfw_hwperf_hw) where unsanitized pointers from host-kernel inside a Host VM enable arbitrary GPU register writes via GPU Firmware commands, leading to privilege escalation. Exploitation is described as local with low privileges and no user interaction...
EUVD-2026-43037
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...
CVE-2026-41154 GPU DDK - Incorrect Index Calculation in CMA Cleanup Path of AllocOSPages_Sparse
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...
GHSA-55F6-PF8R-C2F4 Open Babel has out-of-bounds write in MOPAC translationVectors[] (UNIT CELL TRANSLATION)
Summary A memory-safety vulnerability in Open Babel's MOPAC output parser allowed an out-of-bounds write into the translationVectors array when reading the "UNIT CELL TRANSLATION" block of a crafted input file. Details The MOPAC output reader stored translation vectors from the UNIT CELL...
CVE-2026-27783
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...
CVE-2026-28740
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...
CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...
CVE-2026-28740
CVE-2026-28740 affects Gitea up to version 1.26.2. The issue allows Git LFS object reuse to authorize private source objects for users with repository access but without Code-unit access (root cause: LFS object reuse bypassing Code-unit authorization). Impact is unauthorized access to private sou...
CVE-2026-28740 Gitea LFS object reuse bypasses Code-unit authorization
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access...