60484 matches found
RLSA-2023:3018 Low: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
libarchive security update
An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different...
PT-2026-26750
Name of the Vulnerable Software and Affected Versions Graphiti versions prior to 1.10.2 Description Graphiti is a framework that exposes models through a JSON:API-compliant interface. Versions prior to 1.10.2 contain a flaw where an attacker can construct a malicious JSONAPI payload with arbitrar...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from an out-of-bound write operation in the GPU shader compiler library, potentially leading to crashes...
PT-2026-26678
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.17 Description libde265 is an open source implementation of the h.265 video codec. A crafted HEVC bitstream can cause an out-of-bounds heap write. This occurs due to a stale ctb info.log2unitSize after an SPS...
PT-2026-26792
Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.4.0 through 0.5.0b3.dev96 Description: pyLoad, a free and open-source download manager written in Python, contains a flaw in the set config value API endpoint. Users with the non-admin SETTINGS permission can modify any...
Linux Distros Unpatched Vulnerability : CVE-2026-4440
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
PT-2026-26592
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...
Halloy 路径遍历漏洞
Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...
PT-2026-31533
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Improper input validation within the WebML component in Google Chrome could lead to an out-of-bounds memory write. This issue was discovered in versions of Google Chrome before...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by out-of-bound writing in the V8 engine, potentially leading to heap corruption...
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...
Missing Authorization
Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...
CVE-2026-4450
Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-29104
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...
CVE-2026-22732
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the wcHpkeLabeledExtract function when processing an oversized ECH configuration. An attacker can cause a client crash or achieve remote code execution by sending a maliciously crafted ECH config from a TLS server...
CVE-2026-32017
OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling...
CVE-2026-32018
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...