
11124 matches found

GithubExploit
added 2026/06/08 4:36 p.m. | 58 views

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

terrapincheck.py A lightweight Python scanner for CVE-2023...

CVSS 5.9 | AI score 6 | EPSS 0.93305
Exploits: 4
NVD
added 2026/06/08 4:16 p.m. | 11 views

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

CVSS 7.5 | EPSS 0.01313
Exploits: 4 | References: 4
Cvelist
added 2026/06/08 3:41 p.m. | 34 views

CVE-2026-46284 mm/hugetlb: fix early boot crash on parameters without '=' separator

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator. If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

EPSS 0.00166
Exploits: 0 | References: 3
CVE
added 2026/06/08 3:41 p.m. | 11 views

CVE-2026-46284

In the Linux kernel, the vulnerability (CVE-2026-46284) affects early boot parameter parsing for hugepages. When hugepages, hugepagesz, or default_hugepagesz are supplied on the kernel command line without an '=' separator, early parsing passes NULL to hugetlb_add_param(), which dereferences NULL...

AI score 5.4 | EPSS 0.00166
Exploits: 0 | References: 3
ATTACKERKB
added 2026/06/08 3:26 p.m. | 10 views

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

AI score 5.4 | EPSS 0.01313
Exploits: 4 | References: 2 | Affected Software: 1
RedHat Linux
added 2026/06/08 12:40 p.m. | 9 views

libarchive: Buffer Overflow vulnerability in libarchive

A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...

CVSS 7.8 | AI score 5.9 | EPSS 0.00329
Exploits: 1 | References: 7
OSV
added 2026/06/08 12:20 a.m. | 10 views

OSV-2026-889 Use-of-uninitialized-value in vp8_compute_skin_block

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520701729 Crash type: Use-of-uninitialized-value Crash state: vp8_compute_skin_block encode_frame_to_data_rate vp8_get_compressed_data...

AI score 5.4
Exploits: 0 | References: 1
CNNVD
added 2026/06/08 12:0 a.m. | 3 views

Everbrite BeikeShop injection vulnerability

Everbrite BeikeShop is an e-commerce system developed by China Everbright Corporation. Versions of Everbrite BeikeShop prior to 1.6.0.22 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of parameters with the value “settings.value” in the unknown function...

CVSS 6.5 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 9 views

PT-2026-47564

When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsExceptio...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 5
Tenable Nessus
added 2026/06/08 12:0 a.m. | 4 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1786)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1786 advisory. http.cookies.Morsel.js_output() returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element...

CVSS 6.1 | AI score 5.5 | EPSS 0.00229
Exploits: 1 | References: 4
Positive Technologies
added 2026/06/08 12:0 a.m. | 6 views

PT-2026-47604

Name of the Vulnerable Software and Affected Versions: netty-codec-haproxy versions prior to 4.1.135.Final; netty-codec-haproxy versions prior to 4.2.15.Final. Description: An issue exists when decoding a PP2_TYPE_SSL TLV (Type-Length-Value) where the readNextTLV function in HAProxyMessage calls...

CVSS 7.5 | AI score 5.4 | EPSS 0.00609
Exploits: 0 | References: 26
Veeam
added 2026/06/08 12:0 a.m. | 6 views

SCVMM Server Component Upgrade Fails After Upgrading to Veeam Backup & Replication 13

Challenge: After upgrading Veeam Backup & Replication to version 13, attempts to upgrade the remote components on a highly available System Center Virtual Machine Manager (SCVMM) management server using the Veeam Backup & Replication Console fail with the following error: Failed to create persistent...

AI score 5.6
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 8 views

PT-2026-47356

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1. Description: A crash can occur during early boot if the kernel command line parameters hugepages, hugepagesz, or default_hugepagesz are...

AI score 5.2 | EPSS 0.00457
Exploits: 1 | References: 62
CNNVD
added 2026/06/08 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of handling of empty values during the parsing of the hugetlb parameter. This...

AI score 5.3 | EPSS 0.00166
Exploits: 0 | References: 2
OSV
added 2026/06/07 12:9 a.m. | 7 views

OSV-2026-872 Use-of-uninitialized-value in vpx_variance16x16_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520181861 Crash type: Use-of-uninitialized-value Crash state: vpx_variance16x16_avx2 vp8_pick_intra_mode vp8cx_encode_intra_macroblock...

AI score 5.4
Exploits: 0 | References: 1
OSV
added 2026/06/07 12:2 a.m. | 3 views

OSV-2026-868 Use-of-uninitialized-value in vp8_regular_quantize_b_sse4_1

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520318421 Crash type: Use-of-uninitialized-value Crash state: vp8_regular_quantize_b_sse4_1 macro_block_yrd vp8_rd_pick_intra_mode...

AI score 5.4
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/06 6:43 p.m. | 13 views

CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

CVSS 9.1 | AI score 5.5 | EPSS 0.00332
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/06 6:43 p.m. | 12 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 5.3 | EPSS 0.01044
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/06 12:44 a.m. | 10 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

CVSS 4.8 | AI score 4.8 | EPSS 0.00112
Exploits: 0 | References: 1
Tenable Nessus
added 2026/06/06 12:0 a.m. | 8 views

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2049)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: ACPI: CPPC: Avoid out of bounds access when parsing CPC data (CVE-2022-49145); scsi: libsas: Fix use-after-free bug in...

CVSS 9.8 | AI score 6.4 | EPSS 0.00399
Exploits: 0 | References: 26