CVE-2026-24812 An improper pointer arithmetic in root-project/root at builtins/zlib/inftrees.c

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1...

CVE-2026-24812

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1...

EUVD-2026-4762

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1...

CVE-2026-24811

CVE-2026-24811 affects root-project root (builtins/zlib/inffast.c). The issue is described as improper pointer arithmetic in root-project/root’s zlib implementation. CVSS 4.0 metrics indicate a mostly network-exposed, high-severity vulnerability with low user interaction and high impact on confid...

CVE-2026-24811 An improper pointer arithmetic in root-project/root at builtins/zlib/inffast.c

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

CVE-2026-24811

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

EUVD-2026-4830

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

CVE-2026-24811 An improper pointer arithmetic in root-project/root at builtins/zlib/inffast.c

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

EUVD-2026-4794

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7603e/src/mt7603wifi/common modules. This vulnerability is associated with program files bnlib.C. This issue affects lede: through r25.10.1...

CVE-2026-24803

CVE-2026-24803 describes an infinite loop (unreachable exit condition) vulnerability in coolsnowwolf/lede within the MT7615D wifi drivers under mt_wifi/embedded/security modules, specifically associated with bn_lib.C. Affected software: LEDE project releases up to and including r25.10.1. Root cau...

Malicious Package

Overview @servicepoint/vue-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVE-2026-24480

A flaw was found in the QGIS GitHub Actions workflow. This vulnerability allowed a remote attacker to achieve remote code execution and compromise the repository. The flaw occurred because the workflow used the pullrequesttarget trigger, which runs with the base repository's credentials, and then...

CVE-2025-70368

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

SUSE CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane's updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

PT-2026-4854

Name of the Vulnerable Software and Affected Versions ASDA-Soft affected versions not specified Description ASDA-Soft contains a stack-based buffer overflow issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

This Week in Spring - January 27th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this, I cannot believe we're nearly at the end of the month! Time sure flies. Spring AI 2.0.0-M2 is available now Spring Modulith 2.1 M1, 2.0.2, and 1.4.7 released In last week's installment of A Bootiful Podcast ,...

PT-2026-4887

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1...

PT-2026-4886

Vulnerability in root-project root builtins/zlib modules. This vulnerability is associated with program files inffast.C. This issue affects root...

PT-2026-4872

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in coolsnowwolf lede package/lean/mt/drivers/mt7615d/src/mt wifi/embedded/security modules. This vulnerability is associated with program files bn lib.C. This issue affects lede: through r25.10.1...

Ghost cross-site scripting vulnerabilities

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 5.43.0 to 5.12.04, as well as 6.0.0 to 6.14.0, have a cross-site scripting vulnerability. This vulnerability arises because specially crafted links may execute JavaScript, potentially leading to account...