PT-2026-49236

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

CVE-2026-39007

Technical details about CVE-2026-39007 are not publicly available in the provided documents. Monitor for updates from vendors and advisories.

PT-2026-49092

Glances 4.5.5 is release ! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...

PT-2026-49093

Glances 4.5.5 is release ! https://preview.redd.it/nr4odffe827h1.png?width=1909&format=png&auto=webp&s=5d337a845f700576ab19a9becce3e49de1cd1391 Quick test with uvx: uvx -U glances Bugs corrected: /api/4/containers stays 4-5s with 60 Docker containers 3559 Crash when using --sparkline 3547 VMs...

GHSA-248M-82V9-Q6G6 pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

UBUNTU-CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

Linux Distros Unpatched Vulnerability : CVE-2026-49982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the...

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of non-string values in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting...

CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

CVE-2026-49982 tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

Linux Distros Unpatched Vulnerability : CVE-2026-11884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

CSV Injection

Poweradmin is vulnerable to CSV Injection. The vulnerability is due to improper sanitization of user-controlled data before exporting it to CSV files, which allows an attacker to inject malicious spreadsheet formulas that execute when an administrator opens the exported file...

CVE-2026-11884 389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVE-2026-52758

Summary: Ghidra before 12.1 suffers a SQL injection in the BSim filter types where user-supplied values are directly concatenated into SQL queries without escaping or parameterization. This enables remote attackers to inject arbitrary SQL via the BSim network query protocol, potentially reading, ...

BIT-APACHE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...