29 matches found
OESA-2026-2412 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
OESA-2026-2410 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
OESA-2026-2409 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
SUSE CVE-2026-5928
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
CVE-2026-5928
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
CVE-2026-5928 Potential buffer under-read in ungetwc
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
CVE-2026-5928
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
CVE-2026-5928
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
PT-2026-33852
Name of the Vulnerable Software and Affected Versions: GNU C Library versions prior to 2.44. Description: Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...
July 9, 2024—KB5040437 (OS Build 20348.2582)
July 9, 2024—KB5040437 OS Build 20348.2582 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when ne...
USN-5990-1 musl vulnerabilities
It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. CVE-2019-14697 It was...
CVE-2021-39373
Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure...
TopMPS information classification system post.php parameter catid wide-character injection vulnerability
No description provided by source...
YouYaX wide-byte blind injection
No description provided by source...
极限OA wide-byte injection
No description provided by source...
DEBIAN-CVE-2015-1473
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service segmentation violatio...
DEBIAN-CVE-2015-1472
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a lo...
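HDWIKI latest version: UPDATE injection allows changing the administrator password (MySQL number-base trick)
Brief description: Latest HDWIKI 5.1 GBK, GPC is ignored. Front page, please! Detailed description: The problem is in \hdwiki\control\user.php. Latest HDWIKI 5.1 GBK version. HDWIKI filters input globally, but when faced with wide-byte injection it easily runs into problems. function doeditprofile ifisset$this-post'submit' $gender = intval$this-post'gender'; $birthday = strtotime$this-post'birthday'; $location = $this-post'location'; $signature =...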
74CMS talent system v3.2 injection and full version pass rounded out the background is attached using the EXP-bug warning-the black bar safety net
The program's filtering is still fairly thorough, but every version uses GBK encoding, which is its flaw. However, when strings are written to the database the author basically always uses iconv to convert the submitted data to UTF-8, so wide-character injection has no way through there, but the...
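phpwind 9 /src/service/tag/dao/PwTagDao.php SQL injection vulnerability
phpwind is a popular content management system in China. In version 9, the $tagName variable on line 116 of /src/service/tag/dao/PwTagDao.php is obtained via $GET, and lines 117-119 concatenate it into an SQL statement that is passed to the data query. Before the query runs, line 24 of /wind/db/mysql/WindMysqlPdoAdapter.php sets the encoding to gbk, which gives rise to the wide-byte vulnerability. phpwind 9...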