6577 matches found
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2022554 reports: Incorrect boundary conditions in the Graphics: WebGPU component...
Mozilla -- Memory safety bugs
Mozilla reports: Memory safety bugs present in Firefox ESR, Firefox ESR , Thunderbird ESR, and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Incorrect boundary conditions, integer overflow
https://bugzilla.mozilla.org/showbug.cgi?id=2017867 reports: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release: Several security vulnerabilities were addressed, including: H.264 video parser NULL pointer dereference when freeing SPS/MVC data. Integer overflows in the AV1 LEB128 parser, H.266/VVC video parser, and W...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 reports: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence o...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Seven vulnerabilities in OpenSSL library. Highest classification Moderate...
python -- more webbrowser.open() command injection vulnerabilities
Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open There is a HIGH severity vulnerability affecting CPython. Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypasse...
py-strawberry-graphql -- Multiple vulnerabilities
The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a 'connectioninit' handshake has been completed before processing start...
powerdns-recursor -- vulnerabilities
PowerDNS Team reports: CVE-2026-3361: ZoneToCache can poison the cache CVE-2026-40012: Information about ECS zero scoped answers might leak to clients that use a specific ECS CVE-2026-42005: Unbounded resource consumption in internal webserver CVE-2026-42387: Insufficient input validation in...
chromium -- security fixes
Chrome Releases reports: This update includes 21 security fixes: 493952652 High CVE-2026-5273: Use after free in CSS. Reported by Anonymous on 2026-03-18 491732188 High CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious on 2026-03-11 488596746 High CVE-2026-5274: Integer...
DNSdist -- vulnerabilities
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DN...
Mbed TLS -- vulnerabilities
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...
MongoDB Server -- CWE-617: Reachable Assertion
https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of amongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...
Roundcube -- SVG Attribute Bypass
The Roundcube project reports:...
Grafana -- Public dashboards discloses all direct mode datasources
https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-source...
Grafana -- OpenFeature evaluation API reads input data with no bounds
https://grafana.com/security/security-advisories/cve-2026-27880 reports: The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
Grafana -- Query resampling can cause unbounded memory allocations
https://grafana.com/security/security-advisories/cve-2026-27879 reports: A resample query can be used to trigger out-of-memory crashes in Grafana...
Grafana -- Grafana Testdata datasource can issue unbounded memory allocations
https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
Grafana -- RCE on Grafana via sqlExpressions
https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avo...
openexr -- multiple vulnerabilities
Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write CVE-2026-34380 Signed integer overflow undefined behavior in undopxr24impl may allow bounds-che...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-33433 BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField CVE-2026-33186 authorization bypass via missing leading slash in :path...
Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
FreeBSD -- pf silently ignores certain rules
Problem Description: A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed...
FreeBSD -- Remote denial of service via null pointer dereference
Problem Description: On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. Impact: An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service...
Gitlab -- vulnerabilities
Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE HTML Injection in vulnerability report impacts GitLab EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Improper...
FreeBSD -- TCP: remotely exploitable DoS vector (mbuf leak)
Problem Description: When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. Impact: If an attacker is either on path with an established TCP...
FreeBSD -- Remote code execution via RPCSEC_GSS packet validation
Problem Description: Each RPCSECGSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notabl...
dnsmasq -- multiple vulnerabilities
Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...
(lib)tiff -- Integer Overflow or Wraparound
PrymEvol and Quang Luong reports: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrec...
Mozilla -- Multiple vulnerabilities
CVE-2026-4688: Sandbox escape due to use-after-free in Disability Access APIs. CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4700: Mitigation bypass in the...
Mozilla -- Multiple vulnerabilities
CVE-2026-4721: Memory safety bugs. Potential arbitrary code execution. CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component. CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4706: Incorrect boundary conditions in the Graphics:...
Mozilla -- Multiple vulnerabilities
CVE-2026-4729: Memory safety bugs CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component. CVE-2026-4727: Denial-of-service in the Libraries component in NSS. CVE-2026-4726: Denial-of-service in the XML component. CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics:...
Python -- configparser vulnerable to excessive CPU use
Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic backtracking...
chromium -- security fixes
Chrome Releases reports: This update includes 8 security fixes: 485397284 High CVE-2026-4673: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 488188166 High CVE-2026-4674: Out of bounds read in CSS. Reported by Syn4pse on 2026-02-27 488270257 High...
Python -- The webbrowser.open() API allows leading dashes
https://github.com/python/cpython/pull/143931 reports: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to...
Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...
UniFi Network Application - Multiple vulnerabilities
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. A...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-32595 BasicAuth Middleware Timing Attack CVE-2026-32305 Potential mTLS Bypass via Fragmented TLS ClientHello CVE-2026-32695 Details not yet available...
nghttp2 -- CWE-617: Reachable Assertion
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 reports: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesessi...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...
chromium -- security fixes
Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory 2026-03-18: SECURITY-3657 / CVE-2026-33001: Arbitrary file write vulnerability through specially crafted archives in Jenkins High SECURITY-3674 / CVE-2026-33002: DNS rebinding vulnerability in WebSocket CLI origin validation in Jenkins High...
OpenSSL -- key agreement vulnerability
The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group Low An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google Threat Analysis Group on 2026-03-10...
chromium -- security fixes
Chrome Releases reports: This update includes 2 security fixes: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google on 2026-03-10 491410818 High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google on 2026-03-10...
curl -- Multiple vulnerabilties
The curl project reports: use after free in SMB connection reuse wrong proxy connection reuse with credentials token leak with redirect and netrc bad reuse of HTTP Negotiate connection...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in repository archive endpoint impacts GitLab CE/EE Denial of Service issue in protected branches API impacts GitL...
chromium -- security fixes
Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 483971526 High CVE-2026-3915: Heap...
Firefox -- Same-origin policy bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsing and Computation component...