1087 matches found

CVE
added 2026/05/08 10:11 p.m. | 13 views

CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

CVSS 7.7 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1

RedhatCVE
added 2026/05/08 2:14 p.m. | 6 views

CVE-2026-37457

A flaw was found in FRRouting FRR. A remote attacker can exploit an off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function by supplying a specially crafted FlowSpec component. This issue can lead to a Denial of Service (DoS). Mitigation: Red Hat has investigated whether a...

CVSS 7.5 | AI score 5.7 | EPSS 0.00057
Exploits 0 | References 4

Tenable Nessus
added 2026/05/08 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - x86/apic: Disable x2apic on resume if the kernel expects so. When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits 0 | References 3

Positive Technologies
added 2026/05/08 12:00 a.m. | 5 views

PT-2026-39024

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the x86 APIC (Advanced Programmable Interrupt Controller) implementation during resume from s2ram (Suspend to RAM). Firmware may re-enable x2apic mode upon wake-up, even i...

CVSS 5.5 | AI score 6 | EPSS 0.00015
Exploits 0 | References 46

Debian CVE
added 2026/05/07 4:04 a.m. | 3 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

CVSS 9.8 | AI score 5.8 | EPSS 0.00057
Exploits 1

Debian CVE
added 2026/05/07 4:01 a.m. | 4 views

CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init reconstructs strings from a prefix-compressed...

CVSS 9.1 | AI score 5.8 | EPSS 0.00064
Exploits 1

Debian CVE
added 2026/05/07 3:58 a.m. | 3 views

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

CVSS 8.8 | AI score 5.8 | EPSS 0.00041
Exploits 1

Packet Storm News
added 2026/05/06 12:00 a.m. | 10 views

AFL-ICP: Enhancing Industrial Control Protocol Reliability Via Specification-Guided Fuzzing

Industrial Control Protocols (ICPs) are critical to the reliability and stability of industrial infrastructure, yet their security is fundamentally compromised by a specification-blindness bottleneck. Modern fuzzers, constrained by observation-driven inference, struggle to penetrate deep protocol...

AI score 5.8
Exploits 0

GithubExploit
added 2026/05/03 8:41 p.m. | 70 views

websec-sql-injection

WebSec SQL Injection: an educational backend project on security in...

AI score 5.9
Exploits 0

EUVD
added 2026/05/01 12:00 a.m. | 3 views

EUVD-2026-26703

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function (bgpd/bgpflowspecutil.c) of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted FlowSpec component...

CVSS 7.5 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 1

AlpineLinux
added 2026/04/30 5:36 a.m. | 1 view

CVE-2026-6536

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits 1 | References 3

Packet Storm News
added 2026/04/29 12:00 a.m. | 2 views

Beyond Code Reasoning: A Specification-Anchored Audit Framework for Expert-Augmented Security Verification

Security-critical software is routinely audited by tools that reason about vulnerabilities as repository-local code patterns. Yet specification-governed systems -- protocol stacks, consensus implementations, cryptographic libraries -- are constrained by invariants and correctness conditions defin...

AI score 5.4
Exploits 0

Fedora
added 2026/04/25 1:53 a.m. | 4 views

[SECURITY] Fedora 44 Update: fido-device-onboard-0.5.5-8.fc44

A Rust implementation of the FIDO Device Onboard Specification...

CVSS 6.8 | AI score 5.2 | EPSS 0.00026
Exploits 1

Vulnrichment
added 2026/04/22 4:08 p.m. | 5 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load...

CVSS 7.8 | AI score 6.1 | EPSS 0.00014
Exploits 1 | References 1

OSV
added 2026/04/22 12:00 a.m. | 1 view

UBUNTU-CVE-2026-40250

OpenEXR provides the specification and reference implementation of the...

CVSS 8.4 | AI score 5.3 | EPSS 0.00033
Exploits 0 | References 2

OSV
added 2026/04/22 12:00 a.m. | 0 views

UBUNTU-CVE-2026-39886

OpenEXR provides the specification and reference implementation of the...

CVSS 5.3 | AI score 5.2 | EPSS 0.0008
Exploits 1 | References 2

UbuntuCve
added 2026/04/21 2:16 a.m. | 2 views

CVE-2026-40250

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1040 performs chan-width chan-bytesperelement in...

CVSS 8.4 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 1

UbuntuCve
added 2026/04/21 2:16 a.m. | 3 views

CVE-2026-40244

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internaldwacompressor.h:1722 performs curc-width curc-height in int32...

CVSS 8.4 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 1

ICS
added 2026/04/13 12:30 a.m. | 4 views

ABB System 800xA, Symphony Plus IEC 61850

SUMMARY: This vulnerability was privately reported relating to ABB's implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support...

CVSS 7.1 | AI score 5.7 | EPSS 0.00027
Exploits 0 | References 19

Github Security Blog
added 2026/04/10 7:32 p.m. | 5 views

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and, if type: job, executes steps through JobWorkflowExecutor in jobworkflow.py. This supports:
- run: → shell command execution via subprocess.run
- script: → inline Python execution via exec
- python: → arbitrary Python script execution
A malicious YAML...

CVSS 9.8 | AI score 6.2 | EPSS 0.00141
Exploits 1 | References 4 | Affected Software 2