6577 matches found
net/rsync -- multiple vulnerabilities
The rsync project reports: Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts an...
FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE)
Problem Description: ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. Impact: T...
gitea -- multiple vulnerabilities
The Gitea team reports: CVE-2026-27783: incorrect read permission check CVE-2026-25714: public-only token filtering bypass CVE-2026-20706: missing token scope checking CVE-2026-27771: unauthenticated access to private container images CVE-2026-28744: git smart HTTP request scope bug CVE-2026-2869...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: See linked CVE's for details...
Vinyl/Varnish -- HTTP/2 parsing deficiency
Vinyl Development Team reports: A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation...
traefik -- Unauthorized exposure of the REST provider
The traefik project releases a new version addressing a CVE: CVE-2026-44774 Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider...
www/nginx -- Remote Code Execution/DoS
nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...
mail/mailpit -- multiple vulnerabilities
Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes GHSA-fpxj-m5q8-fphw Include CGNAT Carrier-Grade NAT in internal IP checks GHSA-j3fj-qppj-fmmc Block internal IP access by default in HTML check GHSA-j3fj-qppj-fmmc Fix f...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...
nginx-devel -- multiple vulnerabilities
The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2 proxying, rewrite handling, SCGI/uWSGI response handling, charset conversion, HTTP/3 connection migration, and OCSP resolver response processing...
zeek -- potential DoS vulnerability
Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.3 release: Six security vulnerabilities were addressed, including: Bounds check errors in MXF VANC packet handling. Use-after-free in GStreamer core buffer value deserialization. Out-of-bounds read in MXF demuxer...
www/gohugo -- CWE-79: XSS vulnerabilities
https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to...
firefox -- Memory safety bugs present in Firefox ESR 115
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
firefox -- Use-after-free
https://bugzilla.mozilla.org/showbug.cgi?id=2034352 reports: Use-after-free in the DOM: Networking component...
firefox -- Memory safety bugs present in Firefox 150
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2029301 reports: Incorrect boundary conditions in the Audio/Video: Playback component...
firefox ESR -- Other issue in the WebRTC component
https://bugzilla.mozilla.org/showbug.cgi?id=2035939 reports: Other issue in the WebRTC component...
chromium -- security fixes
Chrome Releases reports: This update includes 127 security fixes: Critical: 493747582 CVE-2026-7896: Integer overflow in Blink. 504069514 CVE-2026-7897: Use after free in Mobile. 504587882 CVE-2026-7898: Use after free in Chromoting. High: 505481948 CVE-2026-7899: Out of bounds read and write in...
www/apache24 -- Multiple vulnerabilities
The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...
Prosody XMPP server advisory 2026-04-29
The Prosody team reports: Traffic patterns were discovered which can cause Prosody to consume excessive amounts of memory with much smaller amounts of incoming traffic. This traffic can be sent by unauthenticated connections. It was discovered that modproxy65’s access control was broken and...
FreeBSD -- Local privilege escalation via execve()
Problem Description: An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. Impact: The bug may be exploitable by an unprivileged user to obtain superuser privileges...
MongoDB Server -- Multiple vulnerabilities
https://jira.mongodb.org/browse/SERVER-119981 reports: Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. An authorization flaw in the user management command could allow an authenticated user to make limited changes t...
FreeBSD -- Heap overflow in libnv
Problem Description: When processing the header of an incoming message, libnv failed to properly validate the message size. Impact: The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible...
FreeBSD -- pf can overflow the stack parsing crafted SCTP packets
Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...
Text::CSV_XS -- CWE-825 Expired Pointer Dereference
H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...
FreeBSD -- Stack overflow via select() file descriptor set overflow
Problem Description: When exchanging data over a socket, libnv uses select2 to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select2's file descriptor set size limit of FDSETSIZE 1024. Impact: An attacker who is able to force a libnv applicati...
FreeBSD -- Remotely triggerable out-of-bounds heap write in dhclient
Problem Description: As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. Impact: A specially crafted...
FreeBSD -- Remote code execution via malicious DHCP options
Problem Description: The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the...
openexr -- multiple vulnerabilities
Cary Phillips reports: OpenEXR v3.4.11 is a patch release that addresses the following security vulnerabilities: CVE-2026-42217 Shift exponent overflow in readVariableLengthInteger ImfIDManifest.cpp CVE-2026-42216 Out-of-bounds read in IDManifest::init during prefix expansion CVE-2026-41142 Integ...
Mozilla -- Sandbox escape
https://bugzilla.mozilla.org/showbug.cgi?id=2029461 reports: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...
firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports: Memory safety bugs. Some of these bugs showed evidenc...
firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
firefox -- Information disclosure
https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect boundary conditions in the Audio/Video component...
firefox -- Information disclosure
https://bugzilla.mozilla.org/showbug.cgi?id=2027433 reports: Information disclosure due to incorrect boundary conditions in the Audio/Video component...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2028537%2C2029911%2C2031121%2C2033602 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
modsecurity3 -- multiple vulnerabilities
ModSecurity is an open source web application firewall engine. According to the upstream changelog, multiple vulnerabilities have been fixed. CVE-2026-42268: unsigned integer underflow in verify operators CVE-2026-30923: buffer overflow in hexdecode...
Gitlab -- vulnerabilities
Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C...
Mozilla -- Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component
https://bugzilla.mozilla.org/showbug.cgi?id=2027564 reports: Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component...
Mozilla -- Other issue in the Networking: DNS component
https://bugzilla.mozilla.org/showbug.cgi?id=2022726 reports: Other issue in the Networking: DNS component...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2021770 reports: Incorrect boundary conditions in the WebRTC: Networking component...
Mozilla -- Incorrect boundary conditions in the WebRTC component
https://bugzilla.mozilla.org/showbug.cgi?id=2021768 reports: Incorrect boundary conditions in the WebRTC component...
Mozilla -- Denial-of-service
https://bugzilla.mozilla.org/showbug.cgi?id=2015959 reports: Denial-of-service due to integer overflow in the Graphics: WebGPU component...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2025067 reports: Mitigation bypass in the DOM: Security component...
Mozilla -- Other issue in the Storage: IndexedDB component
https://bugzilla.mozilla.org/showbug.cgi?id=2024220 reports: Other issue in the Storage: IndexedDB component...
Mozilla -- Information disclosure
https://bugzilla.mozilla.org/showbug.cgi?id=2022419 reports: Information disclosure in the Form Autofill component...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2022162 reports: Incorrect boundary conditions in the DOM: Device Interfaces component...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2016923 reports: Mitigation bypass in the Networking: Cookies component...