Lucene search

4 matches found

RedhatCVE
added 2026/06/05 7:46 p.m., 8 views

CVE-2026-33637

A flaw was found in Faraday, an HTTP client library. This vulnerability allows a remote attacker to perform off-host request forgery by exploiting a protocol-relative host override when a request target is passed as a URI object. This can redirect a request from a fixed-base Faraday connection to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00272
Exploits: 1 | References: 5
UbuntuCve
added 2026/05/19 7:16 p.m., 5 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

CVSS 6.5 | AI score 5.7 | EPSS 0.00272
Exploits: 1 | References: 3
CVE
added 2026/04/13 12:0 a.m., 10 views

CVE-2025-69627

CVE-2025-69627: Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free in the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. The freed m...

CVSS 8.4 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2017/07/25 12:0 a.m., 26 views

WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1256 Here's a snippet of ObjectPatternNode::appendEntry. void appendEntry(const JSTokenLocation&, ExpressionNode* propertyExpression, DestructuringPatternNode* pattern, ExpressionNode* defaultValue, BindingType bindingType...

AI score 7.4
Exploits: 0