6 matches found
CVE-2026-8997
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...
RUSTSEC-2026-0041 Decompressing invalid data can leak information from uninitialized memory or reused output buffer
Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...
UBUNTU-CVE-2026-21619
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...
JRuby-OpenSSL security vulnerability
JRuby-OpenSSL is an add-on gem for JRuby from the JRuby team. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.12.1 through 0.15.4, which stems from insufficient certificate hostname validation and could lead to a man-in-the-middle attack...
DEBIAN-CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
barberousse (>=0.1.0 <=0.1.6), borrowing_exerci (>=0.1.0 <=0.4.51) +18 more potentially affected by CVE-2021-36753 via bat (>=0.12.1 <=0.17.1)
bat CARGO version =0.12.1, =0.1.0, =0.1.0, =0.4.0, =0.6.0, =0.1.0, =0.2.0, =0.0.2, =0.16.0, =0.16.0, =0.1.0, =0.5.2, =0.12.0, =0.11.1, =0.12.0, =0.11.0, =0.12.1 and more Source cves: CVE-2021-36753 Source advisory: OSV:GHSA-P24J-H477-76Q3...