12 matches found
ANT-2026-9SZMPW41 · MapServer · Heap Buffer Overflow
heap-buffer-overflow · medium · CVE-2026-33721. Severity: Claude medium · Security research firm medium · Maintainer unknown. Discovered by Claude Mythos Preview. REPORT: Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Trail of Bits. ANT-2026-9SZMPW41: Heap buffer...
SUSE CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer's SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
DEBIAN-CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
EUVD-2026-16501
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
Malicious code in categorize-files (npm)
The package categorize-files was found to contain malicious code...
brick-node (>=0.0.0 <=0.0.17) potentially affected by unknown CVE via categorize-files (=0.0.1)
categorize-files NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on categorize-files and may be impacted: brick-node >=0.0.0, <=0.0.17. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2025-16663...
MAL-2025-16663 Malicious code in categorize-files (npm)
The package categorize-files was found to contain malicious code...
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called "Plugin Vulnerabilities"—that recently gone...
Dolphin 'actions.inc.php' SQL Injection Vulnerability
Dolphin is a social networking system. A SQL injection vulnerability exists in Dolphin version 7.3.0. Due to a failure to filter key inputs in actions.inc.php, a remote attacker can execute arbitrary SQL commands via the categorize parameter in a search parameter...