hsweb4 输入验证错误漏洞

hsweb4 is an open-source full-responsive backend management framework based on Spring Boot 2. In versions of hsweb4 5.0.1 and earlier, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of the OAuth2Client function in the file...

Important: docker

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

Important: containerd

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

Important: rclone

Issue Overview: Parsing a malicious font file can cause excessive memory allocation. CVE-2026-33812 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected user...

RHEL 10 : podman (RHSA-2026:24470)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24470 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

Important: docker

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

PT-2026-47619

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Host advanced overrides allow YAML injection into the agent config.yml. The issue occurs because the ListenHost and TunDevice fields are interpolated raw into a text/template within...

Amazon Linux 2023 : rclone (ALAS2023-2026-1810)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1810 advisory. Parsing a malicious font file can cause excessive memory allocation. CVE-2026-33812 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbound...

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460 Boost Serialization improper validation of specified type of input

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460 Boost Serialization improper validation of specified type of input

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460

Boost Serialization up to 1.91 has an improper validation flaw in an unknown function. The vulnerability can be exploited remotely; the exploit has been published. No patch is currently available and the disclosure deadline has expired; maintainers were notified in Aug 2025.

glitchtip-dns-rebinding-gap-poc

GlitchTip DNS rebinding gap PoC This PoC models the DNS rebin...

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

SUSE CVE-2018-7714

The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because pixels = 130 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which can raise...

CVE-2026-11297

An insufficient validation of untrusted input flaw was found in the Reader Mode component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502502017...

CVE-2026-11286

An insufficient validation of untrusted input flaw was found in the Wallet component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502110170...

CVE-2026-11287

An insufficient validation of untrusted input flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502173136...