CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

PT-2026-42229

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

PT-2026-42216

Name of the Vulnerable Software and Affected Versions NVIDIA TensorRT affected versions not specified Description An issue exists where an attacker could cause an out-of-bounds write, which is a condition where data is written outside the boundaries of a pre-allocated fixed-length block of memory...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021619 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracingcpumaskwrite If a large count is provided, it will trigger ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021616 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in...

CVE-2026-48131 - VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Symptoms - The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality. - The...

PT-2026-42366

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

Linux Distros Unpatched Vulnerability : CVE-2026-34159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor'...

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021638 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block...

PT-2026-42379

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf...

Linux Distros Unpatched Vulnerability : CVE-2026-45232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...

Rsync 安全漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync prior to 3.4.3 contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the handling of daemon process files, where checks on...

PT-2026-42055

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An off-by-one out-of-bounds stack write exists in the establish proxy connection function within socket.c. Network attackers can corrupt stack memory by sending a malformed HTTP proxy response. This...

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the image decoding process when handling grid tile chroma compositing. An attacker can execute arbitrary code or cause a denial of service by crafting a specially designed HEIF/AVIF file with a 1×4 grid of...

Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

🩸 CVE-2026-31635 – DirtyDecrypt Linux Kernel Local Priv...

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...