60404 matches found
Vienna Symphonic Library Vienna Assistant Security Vulnerability
Vienna Symphonic Library Vienna Assistant is a music sampling library download and management tool provided by Vienna Symphonic Library. There is a security vulnerability in Vienna Symphonic Library Vienna Assistant, which stems from the lack of client validation and endpoint validation. This...
OpenClaw Path Restriction Bypass Vulnerability
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...
OpenClaw path traversal vulnerability (CNVD-2026-16042)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...
RHEL 10 : freerdp (RHSA-2026:5939)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5939 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to...
SUSE SLED15: firewalld-prometheus-config / golang-github-prometheus-alertmanager / etc (SUSE-SU-2026:1008-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1008-1 advisory. golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: - Internal changes...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including...
RHEL 10 : golang (RHSA-2026:5943)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5943 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious...
RHEL 9 : golang (RHSA-2026:5942)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5942 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious...
ALSA-2026:5942 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including...
RHEL 10 : golang (RHSA-2026:5941)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5941 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious...
RHEL 9 : golang (RHSA-2026:5944)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5944 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious...
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including...
openexr -- multiple vulnerabilities
Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589: DWA Lossy Decoder Heap Out-of-Bounds Write; CVE-2026-34588: Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write; CVE-2026-34380: Signed integer overflow undefined behavior in undo_pxr24_impl may allow bounds-che...
GHSA-F7XC-5852-FJ99 Saloon has a Fixture Name Path Traversal Vulnerability
Impact: Users with MockResponse fixtures that use path traversal. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description: Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Authenticated Path Traversal to RCE via Configuration Import. Summary: An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details: The...
Off-by-one Error
Overview: Affected versions of this package are vulnerable to Off-by-one Error via the FcFontCapabilities function in fcfreetype.c. An attacker can cause a one-byte out-of-bounds write, potentially leading to a crash or execution of arbitrary code by supplying crafted input that triggers the...
EUVD-2026-15934
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...
DEBIAN-CVE-2026-34085
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...
SUSE CVE-2026-23302
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space}. skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP an...
SUSE CVE-2026-23316
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed. struct sysctl_fib_multipath_hash_seed contains two u32 fields (user_seed and mp_seed), making it an 8-byte structure with a 4-byte alignment requirement. In...