Linux Distros Unpatched Vulnerability : CVE-2026-20889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow vulnerability exists in the x3fthumbloader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a...

PT-2026-30830

Name of the Vulnerable Software and Affected Versions LibRaw Commit d20315b Description A heap-based buffer overflow vulnerability exists in the x3f thumb loader functionality. A specially crafted malicious file can trigger a heap buffer overflow. An attacker can provide a malicious file to explo...

CVE-2026-35444 SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

CVE-2026-35444

The CVE-2026-35444 issue affects SDL_image’s XCF loader (src/IMG_xcf.c). In do_layer_surface(), pixel indices from decoded XCF tile data are used directly as colormap indices without validating against cm_num, enabling heap out-of-bounds reads (up to 762 bytes past the colormap allocation) for bo...

CVE-2026-35444 SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

CVE-2026-34148

CVE-2026-34148 – Fedify resource exhaustion via unbounded redirects . Affected: @fedify/fedify (Fedify) before versions 1.9.6, 1.10.5, 2.0.8, 2.1.1. Description in connected docs confirms that the remote and authenticated document loaders recursively follow HTTP 3xx redirects without a maximum re...

CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...

CVE-2026-5556 badlogic pi-mono loader.ts discoverAndLoadExtensions code injection

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

CVE-2026-5556 badlogic pi-mono loader.ts discoverAndLoadExtensions code injection

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

CVE-2026-5556

CVE-2026-5556 affects badlogic pi-mono up to 0.58.4. The vulnerability targets the function discoverAndLoadExtensions in packages/coding-agent/src/core/extensions/loader.ts , enabling code injection. Remote exploitation is possible; the exploit has been disclosed publicly and may be used. The ven...

CVE-2026-5556

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

PT-2026-30426

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

OSS Weekend 代码注入漏洞

OSS Weekend is an AI agent development and LLM deployment management tool developed by Mario Zechner as a personal project. Versions of OSS Weekend prior to 0.58.4 contained a code injection vulnerability. This vulnerability stemmed from the discoverAndLoadExtensions function in the...

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans RATs and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA Cost Per Action fraud, directing victims to...

CVE-2026-5313

A flaw was found in Nothings stb. A remote attacker can exploit a vulnerability in the stbigifloadnext function within the GIF Decoder component of the stbimage.h library. This manipulation can lead to a denial of service DoS, making the affected system or application unavailable. The exploit for...

CVE-2026-5313

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

ONNX: External Data Symlink Traversal

Summary - Issue: Symlink traversal in external data loading allows reading files outside the model directory. - Affected code: onnx/onnx/checker.cc: resolveexternaldatalocation used via Python onnx.externaldatahelper.loadexternaldataformodel. - Impact: Arbitrary file read confidentiality breach...

Exploit for CVE-2026-5201

CVE-2026-5201 Heap-based buffer overflow in gdk-pixbuf JPEG...

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1509)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1509 advisory. A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a...

MAL-2026-2313 Malicious code in coredxloader (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b26408ee7735357c61e0a81e60620000999ef84eba419797b20858e5ce5b4a62 During importing, code starts a malicious script performing exfiltration of sensitive data and credentials from e.g. browsers and Discord clients to a remote...