6577 matches found
firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2017513%2C2017622%2C2019341 reports: Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
xrdp -- Multiple vulnerabilities
xrdp project reports: This release includes 8 security fixes: CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624 CVE-2026-33145 CVE-2026-32516 CVE-2026-32689 CVE-2026-35512...
homebox -- multiple vulnerabilities
Homebox reports: HIGH CVE-2026-27981: Auth Rate Limit Bypass via IP Spoofing MODERATE CVE-2026-27600: Blind SSRF MODERATE CVE-2026-26272: Stored XSS via HTML/SVG Attachment Upload...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of Service issue in container registry impacts GitLab CE/EE Denial of Service issue in Jira events endpoint impacts GitLab CE/EE Regular Expression Denial of Service issue in GitLab merge requests impacts...
mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API
Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status...
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release: Twelve security vulnerabilities were addressed, including: Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder. Integer overflows in the RI...
Mozilla -- Integer overflow
https://bugzilla.mozilla.org/showbug.cgi?id=2009552 reports: Integer overflow in the Libraries component in NSS...
Mozilla -- Undefined behavior in the DOM: Core & HTML component
https://bugzilla.mozilla.org/showbug.cgi?id=2014593 reports: Undefined behavior in the DOM: Core & HTML component...
FreeBSD -- Local DoS and possible privilege escalation via routing sockets
Problem Description: The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily...
Mozilla -- Multiple vulnerabilities
CVE-2026-2809: Memory safety bug in the JavaScript: WebAssembly component. CVE-2026-2808: Integer overflow in the JavaScript: Standard Library component...
FreeBSD -- Jail chroot escape via fd exchange with a different jail
Problem Description: If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has...
Firefox -- Multiple vulnerabilities
CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806: Uninitialized memory in the Graphics: Text component. CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component. CVE-2026-2803...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user fully encrypted if they already know its internal UUID. GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an...
py-ormar -- vulnerabilities
https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3669 / CVE-2026-27099 Stored XSS vulnerability in node offline cause description Medium SECURITY-3658 / CVE-2026-27100 Build information disclosure vulnerability through Run Parameter...
chromium -- security fixes
Chrome Releases reports: This update includes 3 security fixes: 477033835 High CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax on 2026-01-19 481074858 High CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park@candymate of KAIST Hacking Lab on 2026-02-03 476461867 Medi...
go-ethereum -- vulnerabilities
https://github.com/ethereum/go-ethereum/security/advisories reports: DoS via malicious p2p message CVE-2026-26313 DoS via malicious p2p message CVE-2026-26314 Improper ECIES Public Key Validation in RLPx Handshake CVE-2026-26315...
Mozilla -- Heap buffer overflow
https://bugzilla.mozilla.org/showbug.cgi?id=2014390 reports: Heap buffer overflow in libvpx...
openexr -- buffer overflow in istream_nonparallel_read on invalid input data
Cary Phillips reports: openexr v3.4.5 ... fixes an incorrect size check in istreamnonparallelread that could lead to a buffer overflow on invalid input data...
PowerDNS -- vulnerabilities
PowerDNS Team reports: CVE-2026-33257: Insufficient input validation of internal webserver CVE-2026-33260: Insufficient input validation of internal webserver CVE-2026-33608: Incomplete domain name sanitization during Bind autosecondary zone transfer CVE-2026-33609: LDAP DN injection...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 483569511 High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11...
Grafana -- Public Dashboards time range restriction on annotations can be bypassed
https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Missing...
Grafana -- XSS in Grafana Explore stack trace
https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasourc...
traefik -- TCP readTimeout bypass via STARTTLS on Postgres
The traefik project reports: There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain...
png -- CWE-122: Heap-based Buffer Overflow
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the...
MongoDB Server -- CWE-704 Incorrect Type Conversion or Cast
https://jira.mongodb.org/browse/SERVER-113685 reports: An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...
Gitlab -- vulnerabilities
Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service issue in GraphQL introspection impacts GitLab CE/EE Denial of Service issue in JSON validation middleware impacts GitLab CE/EE Cross-site Scripting issue in Code Flow impacts GitLab CE/EE HTML Injection...
MongoDB Server -- CWE-617 Reachable Assertion
https://jira.mongodb.org/browse/SERVER-99119 reports: An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...
FreeBSD -- blocklistd(8) socket leak
Problem Description: Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null...
MongoDB Server -- Multiple vulnerabilities
https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...
munge -- CWE-787: Out-of-bounds Write
https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...
oauth2-proxy -- multiple vulnerabilities
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 478942410 High CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google on 2026-01-26 479726070 High CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng @ret2happy on 2026-01-29...
navidrome -- multiple vulnerabilities
An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL...
qt6-webengine -- multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2025-13638: Prevent media element GC in callbacks in WebMediaPlayerMS CVE-2025-13639: Improve validation of SDP direction in remote description CVE-2025-13720: Avoid downcasting Hash and Integrity reports...
expat -- multiple vulnerabilities
expat team reports: Update contains 2 security fixes: CVE-2026-24515: NULL dereference in function XMLExternalEntityParserCreate CVE-2026-25210: missing check for integer overflow in function doContent...
qt6-webengine -- multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...
zeek -- potential DoS vulnerability
Tim Wojtulewicz of Corelight reports: Zeek's HTTP analyzer can be tricked into interpreting Transfer-Encoding or Content-Length headers set in MIME entities within HTTP bodies and change the analyzer behavior...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 474435504 High CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera @lbherrera on 2026-01-09...
FreeBSD -- Jail escape by a privileged user via nullfs
Problem Description: By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the...
Firefox -- Multiple vulnerabilities
https://bugzilla.mozilla.org/showbug.cgi?id=2007302 reports: Mitigation bypass in the Privacy: Anti-Tracking component. Use-after-free in the Layout: Scrolling and Overflow component...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...
wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file...
Gitlab -- vulnerabilities
Gitlab reports: Denial of Service issue in Jira Connect integration impacts GitLab CE/EE Incorrect Authorization issue in Releases API impacts GitLab CE/EE Unchecked Return Value issue in authentication services impacts GitLab CE/EE Infinite Loop issue in Wiki redirects impacts GitLab CE/EE Denia...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 473851441 High CVE-2026-1220: Race in V8. Reported by @p1nky4745 on 2026-01-07...
MySQL -- Multiple vulnerabilities
Oracle reports: Oracle reports multiple vulnerabilities in its MySQL server products...
Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines
Python Software Foundation Security Developer reports: The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
Python -- poplib module, when passed a user-controlled command, can have additional commands injected using newlines
Python Software Foundation Security Developer reports: The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...