CVE-2026-10616

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/teamtaskslifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

CVE-2026-10583 nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...

CVE-2026-10232 Assimp ASE File scene.cpp ~aiNode use after free

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

EUVD-2026-33563

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

CVE-2026-10229

Assimp up to 6.0.4 is affected by a heap-based buffer overflow in HL1MDLLoader::read_meshes (Half-Life 1 MDL Loader) exposed via a local attack. The vulnerability stems from HL1MDLLoader.cpp and can be triggered by processing specific MDL mesh data. Public exploit disclosure is indicated. The CVE...

CVE-2026-10217 nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

UBUNTU-CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

CVE-2026-9912

An inappropriate implementation flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499873765...

CVE-2026-39960

MantisBT (versions ≤ 2.28.1) is vulnerable to Stored XSS via improper escaping of a textarea custom field on the Update Issue page (bug_update_page.php). The flaw allows an attacker, authenticated with bug report permission, to inject HTML and potentially execute JavaScript when the page loads, e...

Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Summary The POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...

GHSA-QJ6W-V29Q-4RGX MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

PT-2026-39880

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description Flawed logic in the Update Issue page 'bug update page.php' causes improper escaping of textarea custom field contents. This allows an authenticated user with low-privilege bug...

CVE-2026-7971

An inappropriate implementation flaw was found in the ORB component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497529290...

CVE-2026-7917

An use after free flaw was found in the Fullscreen component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498752242...

EUVD-2026-26000

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

CVE-2026-7233 Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

Mozilla -- Other issue in the JavaScript Engine component

https://bugzilla.mozilla.org/showbug.cgi?id=2023343 reports: Other issue in the JavaScript Engine component...

Mozilla -- Incorrect boundary

https://bugzilla.mozilla.org/showbug.cgi?id=2027501 reports: Incorrect boundary conditions in the WebRTC component...

Mozilla -- Privilege escalation in the Debugger component

https://bugzilla.mozilla.org/showbug.cgi?id=2023753 reports: Privilege escalation in the Debugger component...