Lucene search

10977 matches found

OSV • added 2026/03/11 10:16 p.m. • 1 views

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS • 5.8 AI score
Exploits 0 • References 2

ATTACKERKB • added 2026/03/11 10:4 p.m. • 3 views

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8 AI score • 0.00148 EPSS
Exploits 0 • References 3 • Affected Software 1

Cvelist • added 2026/03/11 10:4 p.m. • 26 views

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00148 EPSS
Exploits 0 • References 2

Cvelist • added 2026/03/11 9:37 p.m. • 22 views

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed bu...

7.5 CVSS • 0.00255 EPSS
Exploits 0 • References 3

OSV • added 2026/03/11 9:37 p.m. • 4 views

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed bu...

7.5 CVSS • 5.8 AI score • 0.00255 EPSS
Exploits 0 • References 5

Vulnrichment • added 2026/03/11 9:37 p.m. • 3 views

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Requests to the API with URL-encoded path values were correctly routed bu...

7.5 CVSS • 5.8 AI score • 0.00255 EPSS
Exploits 0 • References 3

ATTACKERKB • added 2026/03/11 6:23 p.m. • 1 views

CVE-2019-25467

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

8.6 CVSS • 6.3 AI score • 0.00012 EPSS
Exploits 0 • References 4 • Affected Software 1

Vulnrichment • added 2026/03/11 4:6 p.m. • 1 views

CVE-2025-12697 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

2.2 CVSS • 5.8 AI score • 0.00015 EPSS
Exploits 0 • References 3

OSV • added 2026/03/11 4:6 p.m. • 2 views

CVE-2025-12697 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

2.2 CVSS • 5.9 AI score • 0.00015 EPSS
Exploits 0 • References 6

CVE • added 2026/03/11 4:6 p.m. • 50 views

CVE-2025-12697

GitLab CVE-2025-12697 affects GitLab CE/EE versions prior to 18.7.6, 18.8 prior to 18.8.6, and 18.9 prior to 18.9.2. An authenticated user with maintainer permissions could reveal Datadog API credentials under certain conditions. The CVSS v3.1 score is 2.2 (LOW), with Network attack vector, High ...

4.4 CVSS • 5.8 AI score • 0.00015 EPSS
Exploits 0 • References 3 • Affected Software 1

Cvelist • added 2026/03/11 4:6 p.m. • 26 views

CVE-2025-12697 Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

2.2 CVSS • 0.00015 EPSS
Exploits 0 • References 3

Snyk • added 2026/03/11 12:26 a.m. • 2 views

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

6.9 CVSS • 6 AI score • 0.00041 EPSS
Exploits 0 • References 3

SUSE CVE • added 2026/03/11 12:24 a.m. • 0 views

SUSE CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

8.6 CVSS • 5.8 AI score • 0.00009 EPSS
Exploits 0 • References 8

Packet Storm News • added 2026/03/11 12:0 a.m. • 0 views

Multi‑Layer Python Payload Encryptor, Decryptor, and Loader Generator

This Python program is a utility designed to encrypt, decrypt, and package Python payloads using multiple layers of encoding and obfuscation. It provides a simple command‑line menu that allows users to convert a Python script into an encoded payload and automatically generate a loader that can...

5.8 AI score
Exploits 0

Trellix • added 2026/03/11 12:0 a.m. • 26 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Niranjan Hegde and Sijo Jacob · June 14, 2023 This blog was also written by Mathanraj Thangaraju Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitiv...

7.4 AI score
Exploits 0

CVE • added 2026/03/10 9:34 p.m. • 9 views

CVE-2026-28807

CVE-2026-28807 affects gleam-wisp wisp; path traversal in wisp.serve_static occurs because sanitization runs before percent-decoding, allowing %2e%2e to decode to .. and read any file the process can access. Affected versions are 2.1.1 <= wisp

8.7 CVSS • 5.9 AI score • 0.00127 EPSS
Exploits 1 • References 4 • Affected Software 1

Vulnrichment • added 2026/03/10 9:34 p.m. • 4 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7 CVSS • 5.9 AI score • 0.00127 EPSS
Exploits 1 • References 4

Snyk • added 2026/03/10 6:41 p.m. • 1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7 CVSS • 5.8 AI score • 0.001 EPSS
Exploits 0 • References 2

OSV • added 2026/03/10 4:41 p.m. • 3 views

CLSA-2026-1773160910 postgresql: Fix of 3 CVEs

CVE-2026-2004: require superuser to install non-built-in selectivity estimators and harden intarray intmatchsel against wrong operator type - CVE-2026-2005: fix heap buffer overflow in pgcrypto PGP public-key decryption by validating session key length - CVE-2026-2006: fix multibyte character...

8.8 CVSS • 6 AI score • 0.00059 EPSS
Exploits 3 • References 1

OSV • added 2026/03/10 7:44 a.m. • 0 views

DEBIAN-CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

7.8 CVSS • 7.8 AI score • 0.00009 EPSS
Exploits 0 • References 1