
20 matches found

RedhatCVE
added 2026/03/12 6:23 a.m. · 3 views

CVE-2026-31960

A flaw was found in Quill. An attacker with the ability to intercept and modify network traffic, such as through a TLS-intercepting proxy or a compromised certificate authority, could send an arbitrarily large HTTP response body during the Apple notarization process. This unbounded read of the...

CVSS 5.3 · AI score 5.7 · EPSS 0.00017
Exploits: 0 · References: 2

RedhatCVE
added 2026/02/26 2:58 p.m. · 4 views

CVE-2026-27903

A flaw was found in minimatch, a utility for converting glob expressions into JavaScript regular expressions. A remote attacker can exploit this vulnerability by providing a specially crafted glob pattern containing multiple non-adjacent GLOBSTAR segments. This can lead to unbounded recursive...

CVSS 7.5 · AI score 5.7 · EPSS 0.00036
Exploits: 1 · References: 4

RedhatCVE
added 2026/02/25 7:23 p.m. · 2 views

CVE-2026-27727

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

CVSS 9.8 · AI score 6.5 · EPSS 0.00151
Exploits: 1 · References: 7

RedhatCVE
added 2026/02/24 7:34 p.m. · 4 views

CVE-2026-27586

A flaw was found in Caddy, an extensible server platform. Two errors in the ClientAuthentication.provision function can cause mutual Transport Layer Security (mTLS) client certificate authentication to silently fail open. This occurs when a Certificate Authority (CA) certificate file is missing,...

CVSS 9.3 · AI score 5.6 · EPSS 0.00127
Exploits: 1 · References: 2

RedhatCVE
added 2026/02/20 11:39 p.m. · 5 views

CVE-2026-2045

A flaw was found in GIMP. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the conte...

CVSS 7.8 · AI score 7.1 · EPSS 0.00056
Exploits: 0 · References: 5

RedhatCVE
added 2026/02/19 11:39 p.m. · 5 views

CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

CVSS 7.8 · AI score 6.2 · EPSS 0.00057
Exploits: 1 · References: 4

RedhatCVE
added 2026/02/12 7:26 p.m. · 2 views

CVE-2026-2005

A heap-based buffer overflow flaw has been discovered in PostgreSQL. This heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Mitigation: Mitigation for this issue is either not available or...

CVSS 8.8 · AI score 6.2 · EPSS 0.00039
Exploits: 3 · References: 4

RedhatCVE
added 2026/01/28 6:57 p.m. · 2 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

CVSS 7.5 · AI score 5.9 · EPSS 0.0015
Exploits: 0 · References: 4

RedhatCVE
added 2025/11/18 9:42 p.m. · 2 views

CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

CVSS 7.3 · AI score 6.4 · EPSS 0.06307
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/22 8:19 p.m. · 4 views

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in...

CVSS 7.5 · AI score 6.2 · EPSS 0.00047
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/01 11:4 p.m. · 1 views

CVE-2025-59538

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

CVSS 7.5 · AI score 6.3 · EPSS 0.00047
Exploits: 1 · References: 5

RedhatCVE
added 2025/03/27 5:49 a.m. · 7 views

CVE-2025-27552

DBIx::Class::EncodedColumn uses the rand function, which is not cryptographically secure, to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032. Mitigation: Mitigation for this issue is...

CVSS 4 · AI score 4.3 · EPSS 0.00022
Exploits: 0 · References: 5

RedhatCVE
added 2023/07/25 5:19 p.m. · 66 views

CVE-2023-20593

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criter...

CVSS 6.5 · AI score 6.8 · EPSS 0.08626
Exploits: 1 · References: 5

OSV
added 2022/12/09 8:15 p.m. · 2 views

CVE-2022-2993

There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet...

CVSS 9.8 · AI score 5.5 · EPSS 0.00481
Exploits: 0 · References: 1

Positive Technologies
added 2022/12/09 12:0 a.m. · 3 views

PT-2022-19913 · Zephyrproject +1 · Zephyr

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an error in the condition of the last if-statement in the function smp_check_keys. This error caused the function to reject...

CVSS 9.8 · AI score 6.9 · EPSS 0.00481
Exploits: 0 · References: 4

Veracode
added 2022/08/02 10:34 a.m. · 24 views

Business Logic Flaws

OpenZeppelin Contracts has business logic flaw. The vulnerability exists due to a lack of sanitization of past quorum allowing it to be executable when a new quorum meets the smart contract's requirement...

CVSS 7.5 · AI score 7.2 · EPSS 0.00266
Exploits: 0 · References: 3 · Affected Software: 4

BDU FSTEC
added 2021/06/09 12:0 a.m. · 2 views

The vulnerability of the GoLang development tool for application software “Aurora Center” relates to the execution of a loop with an unavailable exit condition, allowing attackers to cause service failures.

The vulnerability of the GoLang development tool used by Aurora Application Software involves executing a loop with an exit condition that is not met. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.5 · AI score 6.8 · EPSS 0.00147
Exploits: 0 · References: 7 · Affected Software: 4

Cvelist
added 2020/12/09 12:19 a.m. · 21 views

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

AI score 8.3 · EPSS 0.48274
Exploits: 4 · References: 3

RedHat Linux
added 2020/11/12 5:37 p.m. · 3 views

Mozilla: Write side effects in MCallGetProperty opcode not accounted for

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

CVSS 9.3 · AI score 7.3 · EPSS 0.48274
Exploits: 4 · References: 5

Fedora
added 2014/05/21 2:27 a.m. · 25 views

[SECURITY] Fedora 20 Update: dpkg-1.16.14-1.fc20

This package contains the tools, including dpkg-source, required to unpack, build and upload Debian source packages. This package also contains the program dpkg, which is used to handle the installation and removal of packages on a Debian system. This package also contains dselect, an interface for...

CVSS 5 · AI score 2.3 · EPSS 0.00245
Exploits: 0