
23042 matches found

RedHat Linux
added 2026/04/01 9:8 a.m., 2 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...

CVSS 9.8, AI score 5.9, EPSS 0.00365
Exploits: 1, References: 6
RedHat Linux
added 2026/04/01 9:8 a.m., 5 views

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

CVSS 8.7, AI score 5.8, EPSS 0.00467
Exploits: 0, References: 6
Hacker One
added 2026/04/01 8:24 a.m., 28 views

curl: Cookie attribute TAB injection regression in Set-Cookie parsing

Overview

| | |
|---|---|
| Component | lib/cookie.c — parsecookieheader |
| Type | Security regression incomplete input validation |
| CWE | CWE-20 Improper Input Validation |
| Severity | LOW CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252 |
| Affected | curl 8.18.0 through current HEAD |

...

CVSS 3.7, AI score 6, EPSS 0.01788
Exploits: 1
EUVD
added 2026/04/01 6:31 a.m., 2 views

EUVD-2026-17804

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVSS 8.8, AI score 6.2, EPSS 0.00417
Exploits: 0, References: 3
RedhatCVE
added 2026/04/01 6:21 a.m., 3 views

CVE-2026-5287

A use-after-free flaw was found in the PDF component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=494644471...

CVSS 9.6, AI score 5.8, EPSS 0.00417
Exploits: 0, References: 5
NVD
added 2026/04/01 5:16 a.m., 4 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVSS 8.8, EPSS 0.00417
Exploits: 0, References: 2
Cvelist
added 2026/04/01 4:41 a.m., 28 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

EPSS 0.00417
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/01 4:41 a.m., 1 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVSS 6.3, AI score 6.2, EPSS 0.00417
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/04/01 4:41 a.m., 14 views

CVE-2026-5287

The CVE-2026-5287 issue affects Google Chrome prior to 146.0.7680.178, caused by a use-after-free in the PDF handling path, allowing a remote attacker to execute arbitrary code within the browser sandbox via a crafted PDF. The connected sources corroborate this memory safety fault in Chrome/Chrom...

CVSS 8.8, AI score 6.2, EPSS 0.00417
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/04/01 2:16 a.m., 2 views

CVE-2026-3778

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...

CVSS 6.2, EPSS 0.00103
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/01 1:40 a.m., 1 views

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVSS 4.7, AI score 5.9, EPSS 0.00109
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/04/01 1:40 a.m., 3 views

CVE-2026-3776

The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

CVSS 5.5, AI score 5.9, EPSS 0.00103
Exploits: 0, References: 2, Affected Software: 2
Vulnrichment
added 2026/04/01 1:40 a.m., 1 views

CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...

CVSS 6.2, AI score 5.9, EPSS 0.00103
Exploits: 0, References: 1
CVE
added 2026/04/01 1:40 a.m., 15 views

CVE-2026-3778

CVE-2026-3778 affects Foxit PDF Editor/Reader (Foxit Reader) across platforms as described in connected records. The root cause is cyclic PDF object references created by pages and annotations referencing each other in a loop, which, when the document is processed by APIs that perform deep traver...

CVSS 6.2, AI score 5.9, EPSS 0.00103
Exploits: 0, References: 1, Affected Software: 2
Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29622

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.4.0 through 3.4.6. Description: OpenEXR, a specification and reference implementation of the EXR file format used in the motion picture industry, contains a flaw. A crafted .exr file utilizing HTJ2K compression and a channel...

CVSS 8.7, AI score 6.4, EPSS 0.00482
Exploits: 3, References: 22
CNNVD
added 2026/04/01 12:0 a.m., 2 views

TinaCMS security vulnerability

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from string-based path validation in FilesystemBridge, which allowed operations on files outside of the...

CVSS 8.8, AI score 5.8, EPSS 0.00372
Exploits: 0, References: 2
Amazon
added 2026/04/01 12:0 a.m., 3 views

Low: rust-below

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 6.8, AI score 5.8, EPSS 0.00291
Exploits: 0
Positive Technologies
added 2026/04/01 12:0 a.m., 2 views

PT-2026-29434

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVSS 4.7, AI score 5.9, EPSS 0.00109
Exploits: 0, References: 2
OSV
added 2026/03/31 11:43 p.m., 2 views

GHSA-425G-FJHQ-5H92 openssl-encrypt silently skips schema validation when jsonschema library is not installed

Summary In opensslencrypt/modules/jsonvalidator.py at lines 234-238, when the jsonschema library is not installed, all schema validation is silently skipped with only a print warning. Affected Code python if not JSONSCHEMAAVAILABLE: printf"Warning: Cannot validate against schema 'schemaname' -...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 3
SUSE CVE
added 2026/03/31 11:28 p.m., 2 views

SUSE CVE-2026-5185

A security flaw has been discovered in Nothings stbimage up to 2.30. This affects the function stbigifloadnext of the file stbimage.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been...

CVSS 5.3, AI score 6, EPSS 0.00154
Exploits: 0, References: 3