Important: Red Hat Security Advisory: gdk-pixbuf2 security update

An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS PDUs...

CVE-2026-7216

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processingserver.py of the component createsketch Tool. This manipulation of the argument sketchname causes path traversal. Remote...

CVE-2026-7216 donchelo processing-claude-mcp-bridge create_sketch Tool processing_server.py path traversal

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processingserver.py of the component createsketch Tool. This manipulation of the argument sketchname causes path traversal. Remote...

CVE-2026-7216

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processingserver.py of the component createsketch Tool. This manipulation of the argument sketchname causes path traversal. Remote...

CVE-2026-7216

The CVE-2026-7216 entry describes a weakness in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. The vulnerable component is the create_sketch Tool, specifically the processing_server.py function handling the sketch_name argument. This input manipulation enabl...

[SECURITY] Fedora 44 Update: botan3-3.9.0-7.fc44

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \11 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

SUSE CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

gdk-pixbuf2 security update

An update is available for gdk-pixbuf2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gdk-pixbuf2 packages provide an image loading library that can be...

PT-2026-35648

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing server.py of the component create sketch Tool. This manipulation of the argument sketch name causes path traversal. Remote...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from the reuse of GPU components after their release, which could allow remote attackers with access to the rendering...

Processing-Claude MCP Bridge 路径遍历漏洞

Processing-Claude MCP Bridge is a bridge tool developed by Mariano, allowing for control of Processing applications via natural language. Processing-Claude MCP Bridge contains a path traversal vulnerability, which stems from the sketchname parameter in the processingserver.py file within the...

PT-2026-35833

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free a condition where a program continues to use a memory address after it has been freed in the GPU component allows a remote attacker to potentially perform a sandbox...

VMware Spring AI 资源管理错误漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5 and 1.1.0 to 1.1.4 of VMware Spring AI contain resource management vulnerabilities. These...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source framework. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities were caused by a Webhook replay issue during Plivo V3 signature verification. This issue could allo...

Hanwha Vision QND-8080R 访问控制错误漏洞

Hanwha Vision QND-8080R is a network infrared surveillance camera device produced by Hanwha Vision in South Korea. The Hanwha Vision QND-8080R has a access control vulnerability, which stems from issues with request processing. This vulnerability may lead to accidental access to protected functio...

CLSA-2026-1777323301 Fix CVE(s): CVE-2026-33900, CVE-2026-33905

SECURITY UPDATE: out-of-bounds heap write in VIFF encoder due to integer truncation on 32-bit builds - debian/patches/CVE-2026-33900.patch: add overflow check in WriteVIFFImage to reject packets values that truncate when cast to sizet, preventing a heap write beyond the allocated buffer -...

JLSEC-2026-239 Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them...

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

JLSEC-2026-225 Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

CVE-2026-31690

CVE-2026-31690 affects the Linux kernel TH1520 AON firmware protocol driver. The issue combined a potential buffer overflow from unsafe pointer arithmetic when accessing the 'mode' field via a resource offset, and the use of custom RPC_SET_BE*/RPC_GET_BE* macros replaced with standard endianness ...