Information Disclosure

netty incubator codec.bhttp is vulnerable to information disclosure. The vulnerability is due to an improper fallback mechanism used to derive native memory addresses for cryptographic operations when sun.misc.Unsafe is unavailable, which allows an unauthenticated attacker to send crafted OHTTP...

CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

Ollama GGUF Quantization Remote Memory Leak

Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...

CVE-2026-27144

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

SUSE-SU-2026:20948-1 Security update for net-tools

This update for net-tools fixes the following issues: - Fix stack buffer overflow in parsehex bsc1248687, GHSA-h667-qrp8-gj58. - Fix stack-based buffer overflow in procgenfmt bsc1248687, GHSA-w7jq-cmw2-cq59. - Avoid unsafe memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom...

UBUNTU-CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

📄 Chromium Memory Corruption Trigger Simulation

This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...

maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

EUVD-2025-150399

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

Unsound API access to a WebAssembly shared linear memory

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hc7m-r6v8-hg9q For more information see the GitHub-hosted security advisory...

EUVD-2024-1996

Malicious code in bioql PyPI...

EUVD-2022-28400

Malicious code in bioql PyPI...

SUSE-SU-2025:03245-1 Security update for net-tools

This update for net-tools fixes the following issues: Security issues fixed: - Avoid unsafe use of memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom bsc1248687. - Fix stack buffer overflow in parsehex bsc1248687. - Fix stack buffer overflow in procgenfmt bsc1248687. Other issue...

NeKernel 安全漏洞

NeKernel is a kernel operating system from NeKernel Open Source. A security vulnerability exists in versions prior to NeKernel 0.0.3 that stems from unchecked memory operations, unsafe type conversions, and improper input validation, which could lead to memory corruption, disk image corruption,...

The vulnerability of the upnphost.dll library in the Windows operating system, which allows attackers to escalate their privileges

The vulnerability of the upnphost.dll library in the Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow attackers to increase their privileges...

The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...