CVE-2026-21732

The CVE-2026-21732 issue affects the GPU shader compiler library (WebGPU shader compilation path) where loading unusual shader code can trigger an out-of-bounds write, causing a crash. An edge case with very large switch values can cause a segmentation fault via OOB access during conversion in th...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

GHSA-WGVC-GHV9-3PMM vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

[SECURITY] Fedora 43 Update: dotnet10.0-10.0.104-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

CVE-2026-27977

A CSRF check bypass flaw has been discovered in Next.js. In the next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing privacy-sensitive/opaque contexts for example sandboxed documents to connect...

Observability for AI Systems: Strengthening visibility for proactive risk detection

Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...

CVE-Exploit-Research-Development

Objective To research, replicate, and develop a working expl...

PT-2026-26189

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

Linux Distros Unpatched Vulnerability : CVE-2026-27977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protectio...

OPENSUSE-SU-2026:10387-1 kernel-devel-6.19.8-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.19.8-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-27977

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

Missing Origin Validation in WebSockets

Overview next is a react framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from...

Next.js: null origin can bypass dev HMR websocket CSRF checks

Summary In next dev, cross-site protections for internal development endpoints could treat Origin: null as a bypass case even when allowedDevOrigins is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server...

GHSA-JCC7-9WPM-MJ36 Next.js: null origin can bypass dev HMR websocket CSRF checks

Summary In next dev, cross-site protections for internal development endpoints could treat Origin: null as a bypass case even when allowedDevOrigins is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server...

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from the cross-site protection of the internal WebSocket endpoint in development mode, which might treat Origin: null as an mechanism. This could...

Siemens SICAM SIAPP SDK Out-of-Bounds Write Vulnerability

Siemens SICAM SIAPP SDK is a software development kit from Siemens, Germany. The Siemens SICAM SIAPP SDK contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service or execute arbitrary code...

PT-2026-25908

Summary In next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing privacy-sensitive/opaque contexts for example sandboxed documents to connect unexpectedly. Impact If a dev server is reachable fr...