Monthly
Denial of service in osrg GoBGP up to version 4.3.0 via off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and has difficult exploitability; no public exploit code or active exploitation is currently confirmed, though a patch is available from the vendor.
Docker daemon privilege validation logic in plugin installation contains a comparison error that allows malicious plugins to bypass approval checks and request unintended privileges, including sensitive device access permissions. The vulnerability affects Docker and Moby (pkg:go/github.com_docker_docker, pkg:go/github.com_moby_moby) across multiple versions, with CVSS 6.8 reflecting high confidentiality and integrity impact. Exploitation requires installation from a malicious plugin source and user interaction during the install prompt, but no active public exploitation has been confirmed.
Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certificate filenames of exactly 100 characters due to off-by-one boundary check error in IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). The vulnerability has a CVSS score of 8.4 with local attack vector and no privilege requirements (AV:L/PR:N), allowing unauthenticated local attackers to achieve code execution. No public exploit identified at time of analysis, though technical details are available in GitHub security advisory GHSA-cpqf-mcqc-783m.
GIMP's PCX file loader contains a heap buffer over-read vulnerability caused by an off-by-one error (CWE-193) that allows local attackers to trigger out-of-bounds memory disclosure and application crashes by opening specially crafted PCX images. Red Hat Enterprise Linux versions 6 through 9 are affected. The vulnerability requires user interaction to open a malicious file but carries a CVSS score of 6.1 with high availability impact; no public exploit code or active exploitation has been identified at the time of analysis.
An off-by-one error in fontconfig before version 2.17.1 allows a one-byte out-of-bounds write in the FcFontCapabilities function within fcfreetype.c during sfnt capability handling. This vulnerability affects all versions of fontconfig prior to 2.17.1 across multiple platforms, potentially enabling local attackers without special privileges to crash the application or execute arbitrary code. A patch is available through the official fontconfig GitLab repository, and given the memory corruption nature of the defect, exploitation is feasible on systems with fontconfig-dependent applications.
Single-byte buffer overflow vulnerability in the WiFiMulti component of arduino-TuyaOpen (versions before 1.2.1) that allows remote code execution when IoT devices connect to attacker-controlled WiFi access points. This affects Tuya's Arduino library used in smart home devices, with a CVSS score of 8.4, though the local attack vector (AV:L) suggests physical proximity is required despite the remote exploitation capability described.
Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.
Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]
The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]
Denial of service in osrg GoBGP up to version 4.3.0 via off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and has difficult exploitability; no public exploit code or active exploitation is currently confirmed, though a patch is available from the vendor.
Docker daemon privilege validation logic in plugin installation contains a comparison error that allows malicious plugins to bypass approval checks and request unintended privileges, including sensitive device access permissions. The vulnerability affects Docker and Moby (pkg:go/github.com_docker_docker, pkg:go/github.com_moby_moby) across multiple versions, with CVSS 6.8 reflecting high confidentiality and integrity impact. Exploitation requires installation from a malicious plugin source and user interaction during the install prompt, but no active public exploitation has been confirmed.
Stack-based buffer overflow in EVerest EV charging software stack enables local code execution when processing certificate filenames of exactly 100 characters due to off-by-one boundary check error in IsoMux component. EVerest-core versions prior to 2026.02.0 are affected (CPE cpe:2.3:a:everest:everest-core). The vulnerability has a CVSS score of 8.4 with local attack vector and no privilege requirements (AV:L/PR:N), allowing unauthenticated local attackers to achieve code execution. No public exploit identified at time of analysis, though technical details are available in GitHub security advisory GHSA-cpqf-mcqc-783m.
GIMP's PCX file loader contains a heap buffer over-read vulnerability caused by an off-by-one error (CWE-193) that allows local attackers to trigger out-of-bounds memory disclosure and application crashes by opening specially crafted PCX images. Red Hat Enterprise Linux versions 6 through 9 are affected. The vulnerability requires user interaction to open a malicious file but carries a CVSS score of 6.1 with high availability impact; no public exploit code or active exploitation has been identified at the time of analysis.
An off-by-one error in fontconfig before version 2.17.1 allows a one-byte out-of-bounds write in the FcFontCapabilities function within fcfreetype.c during sfnt capability handling. This vulnerability affects all versions of fontconfig prior to 2.17.1 across multiple platforms, potentially enabling local attackers without special privileges to crash the application or execute arbitrary code. A patch is available through the official fontconfig GitLab repository, and given the memory corruption nature of the defect, exploitation is feasible on systems with fontconfig-dependent applications.
Single-byte buffer overflow vulnerability in the WiFiMulti component of arduino-TuyaOpen (versions before 1.2.1) that allows remote code execution when IoT devices connect to attacker-controlled WiFi access points. This affects Tuya's Arduino library used in smart home devices, with a CVSS score of 8.4, though the local attack vector (AV:L) suggests physical proximity is required despite the remote exploitation capability described.
Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.
Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]
The BACnet Protocol Stack library versions 1.4.2 and earlier contain an off-by-one buffer overflow in the ubasic interpreter's string tokenizer that crashes the application when processing oversized string literals. Public exploit code exists for this vulnerability, which affects any system running vulnerable versions of the BACnet Stack or Stack Overflow products. An attacker with local access and user interaction can trigger a denial of service condition through a specially crafted input string.
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]