Open Source Security

[vim-security] NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148

Fri, 13 Feb 2026 19:17:13 GMT

Posted by Christian Brabandt on Feb 13

NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148
=============================================================
Date: 13.02.2026
Severity: Medium
CVE: CVE-2026-26269
CWE: Stack-based Buffer Overflow (CWE-121)

### Summary
A stack buffer overflow vulnerability exists in Vim's NetBeans integration
when processing the `specialKeys` command, affecting Vim builds that enable
and use the NetBeans feature.

Stack buffer overflow...

CVE-2025-40905: WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

Fri, 13 Feb 2026 17:47:56 GMT

Posted by Alan Coopersmith on Feb 13

https://lists.security.metacpan.org/cve-announce/msg/36977848/ warns:

CVE-2025-33042: Apache Avro Java SDK: Code injection on Java generated code

Thu, 12 Feb 2026 18:51:10 GMT

Posted by Ryan Skraba on Feb 12

Severity: moderate

Affected versions:

- Apache Avro Java SDK (org.apache.avro:avro) through 1.11.4
- Apache Avro Java SDK (org.apache.avro:avro) 1.12.0

Description:

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating
specific records from untrusted Avro schemas.

This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.

Users are...

Pillow 12.1.1 released with fix for CVE-2026-25990

Thu, 12 Feb 2026 01:25:06 GMT

Posted by Alan Coopersmith on Feb 11

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html announces
the release of Pillow 12.1.1 on 2026-02-11 with these changes:

[At the time of this writing the cached copy on readthedocs has the wrong
CVE id, but https://github.com/python-pillow/Pillow/pull/9430/changes
corrects it in the source document.]

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc
adds that a workaround is available:...

PyCA cryptography 46.0.5 released with fix for CVE-2026-26007

Tue, 10 Feb 2026 22:13:55 GMT

Posted by Alan Coopersmith on Feb 10

-------- Forwarded Message --------
Subject: [Python-announce] PyCA cryptography 46.0.5 released
Date: Tue, 10 Feb 2026 13:33:26 -0600
From: Paul Kehrer via Python-announce-list <python-announce-list () python org>
Reply-To: python-list () python org
To: cryptography-dev () python org, python-announce-list () python org
CC: Paul Kehrer <paul.l.kehrer () gmail com>

PyCA cryptography 46.0.0 has been released to PyPI. cryptography...

CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage

Tue, 10 Feb 2026 18:34:57 GMT

Posted by Chris Dunlap on Feb 10

A buffer overflow vulnerability in MUNGE allows a local attacker to leak
cryptographic key material from the munged daemon process memory. With
the leaked key material, the attacker could forge arbitrary MUNGE
credentials to impersonate any user to services that rely on MUNGE for
authentication.

The vulnerability allows a buffer overflow by sending a crafted message
with an oversized address length field, corrupting munged's internal...

PowerDNS Security Advisory 2026-01: Crafted zones can lead to increased resource usage in Recursor

Tue, 10 Feb 2026 11:00:10 GMT

Posted by Otto Moerbeek on Feb 10

We have released PowerDNS Recursor 5.1.10, 5.2.8 and 5.3.5.

These releases fix a PowerDNS Security Advisory

* 2026-01: Crafted zones can lead to increased resource usage in
Recursor

There are two CVEs associated with this advisory, both of severity
Medium.
__________________________________________________________________

* CVE: CVE-2026-24027
* Date: 9th February 2026
* Affects: PowerDNS Recursor...

Re: FreeRDP fixes 12 CVEs in 3.22.0 release

Tue, 10 Feb 2026 03:39:17 GMT

Posted by Solar Designer on Feb 09

All 3 of these "Heap-buffer-overflow" issues are actually out of bounds
reads, per ASan. It's another case of ASan mislabeling this, and people
blindly copying what it says into advisories and CVE titles.

It can't be ruled out (without code review) that if the out of bounds
reads did not terminate processing, some of them could possibly be
followed by out of bounds writes. However, ASan is currently unable to
find this.

I...

FreeRDP fixes 12 CVEs in 3.22.0 release

Mon, 09 Feb 2026 23:33:33 GMT

Posted by Alan Coopersmith on Feb 09

https://www.freerdp.com/2026/01/28/3_22_0-release announced:
> FreeRDP 3.22.0 has just been released and uploaded to
>
> https://pub.freerdp.com/releases/
>
> Major bugfix release:
>
> * Complete overhaul of SDL client
> * Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or
> C language version specific [[nodiscard]] attributes
> * Addition of WINPR_ATTR_NODISCARD to (some) public...

libpng 1.6.55: Heap buffer overflow vulnerability fixed: CVE-2026-25646

Mon, 09 Feb 2026 23:23:10 GMT

Posted by Cosmin Truta on Feb 09

Hello, everyone,

libpng 1.6.55 has been released to address a heap buffer overflow
vulnerability in the low-level API. This release fixes one
high-severity CVE affecting all versions of libpng.

CVE-2026-25646 (High): Heap buffer overflow in png_set_quantize
when called with no histogram and a palette larger than twice the
requested maximum number of colors.

The vulnerability exists in the color quantization code that reduces
the number of...

gnutls 3.8.12 fixes CVE-2026-1584 & CVE-2025-14831

Mon, 09 Feb 2026 21:38:05 GMT

Posted by Alan Coopersmith on Feb 09

[https://gnutls.org/security-new.html does not yet seem to be updated with
information on GNUTLS-SA-2026-02-09-1 & GNUTLS-SA-2026-02-09-2.]

-------- Forwarded Message --------
Subject: gnutls 3.8.12
Date: Mon, 9 Feb 2026 10:25:10 -0600
From: Alexander Sosedkin <asosedkin () redhat com>
To: gnutls-help () lists gnutls org
CC: info-gnu () gnu org

Hello,

We have just released gnutls-3.8.12. This is a bug fix, security and
enhancement...

CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Mon, 09 Feb 2026 17:27:41 GMT

Posted by Karan Kumar on Feb 09

Severity: important

Affected versions:

- Apache Druid (org.apache.druid.extensions:druid-basic-security) 0.17.0 before 36.0.0

Description:

Affected Products and Versions
* Apache Druid
* Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)
* Prerequisites: * druid-basic-security extension enabled
* LDAP authenticator configured
* Underlying LDAP server permits anonymous bind ...

CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Mon, 09 Feb 2026 16:24:09 GMT

Posted by Qingran Zhao on Feb 09

Severity: Important

Affected versions:

- Apache HertzBeat (org.apache.hertzbeat:hertzbeat-collector) 1.7.1 before 1.8.0

Description:

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References:

https://hertzbeat.apache.org...

CVE-2026-24098: Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Mon, 09 Feb 2026 16:16:40 GMT

Posted by Ephraim Anierobi on Feb 09

Severity: low

Affected versions:

- Apache Airflow (apache-airflow) before 3.1.7

Description:

Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or
more specific Dags to view import errors generated by other Dags they did not have access to.

Users are advised to upgrade to 3.1.7 or later, which resolves this issue

Credit:

Saurabh (finder)

References:...

CVE-2026-22922: Apache Airflow: Airflow externalLogUrl Permission Bypass

Mon, 09 Feb 2026 16:14:14 GMT

Posted by Ephraim Anierobi on Feb 09

Severity: low

Affected versions:

- Apache Airflow (apache-airflow) 3.1.0 before 3.1.7

Description:

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with
custom permissions limited to task access to view task logs without having task log access.

Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

Credit:

34selen (finder)
Shubham Raj...