CVE-2026-8686

CVE-2026-8686 affects coreMQTT’s MQTT v5.0 property parser. The vulnerability is due to missing bounds validation in the parser prior to version 5.0.1, which may allow an MQTT broker to trigger a denial-of-service by sending a crafted packet. Affected component: coreMQTT (MQTT v5.0 property parsi...

GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

CVE-2026-40881 Zebra: addr/addrv2 Deserialization Resource Exhaustion

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...

CVE-2026-40881

Zebra/Zebrad deserialization flaw CVE-2026-40881: when parsing addr or addrv2 messages, Zebra would deserialize vectors of addresses up to about 233k entries due to MAX_ADDRS_IN_MESSAGE checking being performed after deserialization. This could exhaust memory and crash a node under network load. ...

capstone security update

5.0.1-7 - Fix CVE-2025-67873 heap buffer overflow Resolves: RHEL-141551 - Fix CVE-2025-68114 memory corruption Resolves: RHEL-137747...

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1245 more potentially affected by CVE-2026-33036 via fast-xml-parser (>=5.0.1 <=5.5.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =0.5.3, =0.2.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =3.13.0 and more Source cves: CVE-2026-33036 Source advisory: OSV:GHSA-8GC5-J5RX-235R...

CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aysblock' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-14983

The CVE refers to WordPress plugin Advanced Custom Fields: Font Awesome Field (

Advisory ROSA-SA-2026-3173

Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.0 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv30 affected versions libtomcrypt-1.18.2-5.0.1.rv30 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the derdecodeutf8string function of the...

SUSE CVE-2026-25547

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

CVE-2026-25547

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

UBUNTU-CVE-2026-25547

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

Allocation of Resources Without Limits or Throttling

Overview @isaacs/brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded brace range expansion. An attacker can cause excessive CPU and memory consumption, potentially...

CVE-2026-25547 Uncontrolled Resource Consumption in @isaacs/brace-expansion

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

CVE-2026-25547

Affected software: @isaacs/brace-expansion (hybrid CJS/ESM TypeScript fork of brace-expansion). Issue: DoS from unbounded brace range expansion when a pattern contains repeated numeric brace ranges, causing exponential growth and high CPU/memory usage. Root cause: eager generation of all possible...

PT-2026-6323

Name of the Vulnerable Software and Affected Versions @isaacs/brace-expansion versions prior to 5.0.1 Description @isaacs/brace-expansion, a hybrid CJS/ESM TypeScript fork of brace-expansion, is subject to a denial of service DoS issue. This occurs due to unbounded brace range expansion when...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS thermal management module, which can be exploited by an attacker to caus...