Log inCVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
23 Mei 2026 om 10:44
Information published.
Normale weergave
Ontvangen β 23 Mei 2026
β
Microsoft Security
-
Microsoft Security
- CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
23 Mei 2026 om 10:42
Information published.
-
- CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
23 Mei 2026 om 10:40
Information published.
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
23 Mei 2026 om 10:40
Information published.
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
23 Mei 2026 om 10:40
Information published.
-
- CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
23 Mei 2026 om 10:39
Information published.
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
23 Mei 2026 om 10:44
Information published.
-
- CVE-2026-44673 libyang: lyb_read_string() integer overflow β heap buffer overflow
CVE-2026-44673 libyang: lyb_read_string() integer overflow β heap buffer overflow
23 Mei 2026 om 10:44
Information published.
-
- CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
23 Mei 2026 om 10:40
Information published.
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
23 Mei 2026 om 10:40
Information published.
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
23 Mei 2026 om 10:40
Information published.
CVE-2026-40622 Another 'ghost domain names' attack variant
23 Mei 2026 om 10:40
Information published.
CVE-2026-42534 Jostle logic bypass degrades resolution performance
23 Mei 2026 om 10:40
Information published.
CVE-2026-41292 Long list of incoming EDNS options degrades performance
23 Mei 2026 om 10:39
Information published.
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
23 Mei 2026 om 10:39
Information published.
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
23 Mei 2026 om 10:39
Information published.
CVE-2026-42959 Crash during DNSSEC validation of malicious content
23 Mei 2026 om 10:39
Information published.
-
- CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
23 Mei 2026 om 10:39
Information published.
CVE-2026-32792 Packet of death with DNSCrypt
23 Mei 2026 om 10:39
Information published.
-
- CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
23 Mei 2026 om 10:38
Information published.
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
23 Mei 2026 om 10:38
Information published.
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
23 Mei 2026 om 10:38
Information published.
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
23 Mei 2026 om 10:38
Information published.
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
23 Mei 2026 om 10:38
Information published.
-
- CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
23 Mei 2026 om 10:02
Information published.
-
- CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly
23 Mei 2026 om 10:02
Information published.
CVE-2026-8711 NGINX JavaScript vulnerability
23 Mei 2026 om 10:02
Information published.
-
- CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit
23 Mei 2026 om 10:02
Information published.
-
- CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
23 Mei 2026 om 10:01
Information published.
CVE-2026-5950 Unbounded resend loop in BIND 9 resolver
23 Mei 2026 om 10:01
Information published.
