0.0
CVE-2026-5440 - Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` β¦
0.0
CVE-2026-5442 - Heap Buffer Overflow in DICOM Image Decoder via VR UL Dimensions
A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frβ¦
0.0
CVE-2026-5443 - Heap Buffer Overflow in DICOM Image Decoder (Palette Color Decode)
A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memorβ¦
0.0
CVE-2026-5445 - Out-of-Bounds Read in DicomImageDecoder (DecodeLookupTable)
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette sizβ¦
0.0
CVE-2026-5444 - Heap Buffer Overflow in PAM Image Buffer Allocation
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation, reβ¦
0.0
CVE-2026-5441 - Out-of-Bounds Read in DicomImageDecoder (PMSCT_RLE1 Decompression)
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A cβ¦
5.1
CVE-2026-34757 - LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chuβ¦
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_strβ¦
8.2
CVE-2026-34578 - OPNsense has an LDAP Injection via Unsanitized Username in Authentication
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters into the username fieldβ¦
9.3
CVE-2025-62718 - Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through β¦
7.5
CVE-2026-5959 - GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexiβ¦