PT-2026-29437

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1507)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1507 advisory. Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attacke...

SUSE CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

SUSE CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

CVE-2026-5235

The vulnerability CVE-2026-5235 affects Axiomatic Bento4 (up to version 1.6.0-641). It targets MP4 File Parser, specifically AP4_BitReader::ReadCache in Ap4Dac4Atom.cpp, causing a heap-based buffer overflow. Exploitation is local and the exploit has been publicly disclosed. Details on affected pr...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

Squid: Squid: Denial of Service via crafted ICP traffic

A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2026-34377

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...

CLSA-2026-1774947708 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

CVE-2026-34042

act: The CVE-2026-34042 flaw in the act project’s actions/cache server lets connections from any interface create caches with arbitrary keys and read existing caches, potentially enabling arbitrary remote code execution inside the local Docker container. The issue stems from listening on all inte...

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

Act 安全漏洞

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 have security vulnerabilities. These vulnerabilities stem from the built-in actions/cache server, which listens to all interface connections. This could lead to arbitrary cache creation and retrieval,...

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...