13 matches found
CVE-2026-45289
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...
mercure security vulnerability
Mercure is a real-time data delivery protocol and server implementation developed by Kévin Dunglas as an individual project. Versions of Mercure prior to 0.22.0 contained security vulnerabilities. These vulnerabilities were caused by conflicts in cache keys within the TopicSelectorStore, which...
EUVD-2026-17221
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT failure in rts_read_auth_verifier_no_checks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...
FreeRDP security vulnerability
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained security vulnerabilities. These vulnerabilities stemmed from data pointers in the xfAppUpdateWindowFromSurface cache pointing to XImage in the RDP GFX surface buffer...
vlt security vulnerabilities
Vlt is a code repository open-sourced by Vlt. Versions of Vlt prior to 1.0.0-rc.10 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the tar path cleanup, which could lead to path traversal during extraction...
CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2025-62363
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesyst...
EUVD-2022-4767
Malicious code in bioql PyPI...
CVE-2025-54867
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...
Butterfly security vulnerability
Butterfly is a modular web application framework open-sourced by OpenRefine. A security vulnerability exists in Butterfly versions prior to 1.2.6, which stems from improper handling of the file protocol in URLs, and could lead to path traversal, server-side request forgery, and cross-site scripti...
PT-2023-32965 · Unknown · Cosmovisor
Name of the Vulnerable Software and Affected Versions: Cosmovisor versions prior to v1.0.0 Description: An issue has been identified in Cosmovisor that may result in a Denial of Service or Remote Code Execution path depending on configuration for a node or validator using the vulnerable version t...
Linux kernel elevation of privilege vulnerability (CNVD-2016-06287)
The Linux kernel, released by the Linux Foundation in the United States and used by the operating system Linux, is an open-source, free, and most widely ported operating system kernel. An elevation of privilege vulnerability exists in versions of Linux kernel prior to 3.11 on ARM platforms,...
Wireshark crashes when inspecting HTTP traffic
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload...