
RedhatCVE, added 2026/02/24 9:44 p.m.

CVE-2026-27588

A flaw was found in Caddy's HTTP host request matcher. When Caddy is configured with a large list of host entries, its host matching becomes unexpectedly case-sensitive instead of case-insensitive (as documented). A remote attacker can exploit this by altering the casing of the Host header in HTTP...

CVSS 9.1 | AI score 5.6 | EPSS 0.0037
Exploits: 1 | References: 2
RedhatCVE, added 2026/02/24 5:25 p.m.

CVE-2026-1229

A flaw was found in the github.com/cloudflare/circl/ecc/p384 package. The CombinedMult function, part of the elliptic curve cryptography (ECC) implementation for the secp384r1 (P-384) curve, generates an incorrect value when provided with specific inputs. This can lead to incorrect cryptographic...

CVSS 9.8 | AI score 5.6 | EPSS 0.00397
Exploits: 0 | References: 2
RedhatCVE, added 2026/02/23 10:40 p.m.

CVE-2025-61144

A denial of service flaw has been found in libtiff. This stack-based buffer overflow occurs in tiffcrop, part of libtiff, within the function readSeparateStripsIntoBuffer. When processing a malformed TIFF directory (e.g., improper tags/order, missing StripByteCounts), the function overflows a...

CVSS 9.8 | AI score 5.8 | EPSS 0.00253
Exploits: 1 | References: 8
RedhatCVE, added 2026/02/23 10:32 p.m.

CVE-2025-61143

A flaw was found in libtiff. This vulnerability, a NULL pointer dereference, occurs in the tif_open.c component. An attacker could exploit this by providing specially crafted input, leading to a Denial of Service (DoS) due to an application crash. Mitigation: Mitigation for this issue is either not...

CVSS 5.5 | AI score 5.6 | EPSS 0.00113
Exploits: 0 | References: 6
RedhatCVE, added 2026/02/20 11:49 p.m.

CVE-2026-27119

svelte is a performance-oriented web framework. In certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. Mitigation: Mitigation for this issue is eith...

CVSS 5.6 | AI score 5.7 | EPSS 0.00182
Exploits: 0 | References: 4
RedhatCVE, added 2026/02/20 11:49 p.m.

CVE-2026-27121

svelte is a performance-oriented web framework. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious...

CVSS 5.6 | AI score 5.8 | EPSS 0.00189
Exploits: 0 | References: 4
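The two Svelte entries above describe the same class of SSR bug from two angles: content that reaches the output unescaped (CVE-2026-27119) and attributes spread from untrusted data that carry on* event handlers into the markup (CVE-2026-27121). The following is an added example written for this page, not Svelte's code: a minimal server-side renderer that shows the unsafe behaviour the descriptions name beside a hardened version that escapes content and attribute values and refuses handler attributes. All function names and the sample attacker-controlled input are constructed for the illustration.

```javascript
// Added example (not Svelte's own code). escapeHtml, renderAttrsUnsafe,
// renderAttrsSafe and renderElement are hypothetical names for this page.

const ENTITY = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text for use as element content or inside a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Any attribute whose name starts with "on" (onclick, onerror, ...) runs
// script in the browser, so it is never emitted from spread data.
function isEventHandlerAttr(name) {
  return /^on/i.test(name);
}

// Unsafe: mirrors the reported behaviour. Every key of the spread object
// becomes an attribute and the value is interpolated verbatim.
function renderAttrsUnsafe(attrs) {
  return Object.entries(attrs).map(([k, v]) => ` ${k}="${v}"`).join("");
}

// Hardened: drop handler attributes, require a well-formed attribute name,
// and escape the value. Returns the markup and the keys it refused.
function renderAttrsSafe(attrs) {
  const dropped = [];
  let out = "";
  for (const [name, value] of Object.entries(attrs)) {
    if (isEventHandlerAttr(name) || !/^[a-zA-Z][\w:-]*$/.test(name)) {
      dropped.push(name);
      continue;
    }
    if (value === null || value === undefined || value === false) continue;
    out += value === true ? ` ${name}` : ` ${name}="${escapeHtml(value)}"`;
  }
  return { html: out, dropped };
}

// Render one element with escaped content and filtered attributes.
function renderElement(tag, attrs, content) {
  const { html: attrHtml, dropped } = renderAttrsSafe(attrs);
  return { html: `<${tag}${attrHtml}>${escapeHtml(content)}</${tag}>`, dropped };
}

// Constructed sample input: attributes and content an attacker controls,
// e.g. taken from a request body and spread onto an element.
const untrustedAttrs = {
  class: "card",
  title: 'x" onmouseover="alert(1)',
  onclick: "fetch('/steal?c='+document.cookie)",
};
const untrustedContent = "<img src=x onerror=alert(1)>";

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", `<div${renderAttrsUnsafe(untrustedAttrs)}>${untrustedContent}</div>`);
  console.log("safe:  ", renderElement("div", untrustedAttrs, untrustedContent).html);
}
```

Run with `node` to see both outputs side by side; the unsafe line contains a live onclick handler and a second injected attribute, the safe line contains neither. Rejecting on* names is a deny-list and is only a backstop; the durable fix is the one the descriptions imply, never spread untrusted objects onto elements, and pass only the specific attributes the component expects.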
RedhatCVE, added 2026/02/20 11:49 p.m.

CVE-2026-2492

A flaw was found in TensorFlow. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code. The flaw exists within the HDF5 library's handling of plugins, which are loaded from an unsecured location. An attacker with low-privileged code execution can exploit this...

CVSS 7.8 | AI score 7.4 | EPSS 0.00237
Exploits: 0 | References: 5
RedhatCVE, added 2026/02/20 11:39 p.m.

CVE-2026-0797

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of ICO files. A remote attacker can exploit this by convincing a user to open a malicious file or visit a malicious web page, leading to arbitrary code execution. The issue is due to a lack of...

CVSS 8.8 | AI score 7.3 | EPSS 0.00662
Exploits: 0 | References: 5
Packet Storm News, added 2026/02/20 12:00 a.m.

Apache Traffic Server Host Header Stability Scanner

This is a safe verification tool designed to detect abnormal Host header handling behavior in Apache Traffic Server without triggering denial of service conditions. The tool performs controlled HTTP requests and analyzes response stability, connection behavior, and service continuity...

CVSS 7.5 | AI score 5.4 | EPSS 0.00941
Exploits: 1
RedhatCVE, added 2026/02/19 11:03 p.m.

CVE-2025-69725

A flaw was found in go-chi/chi, an HTTP router for the Go programming language. This open redirect vulnerability, specifically within the RedirectSlashes function, allows a remote attacker to redirect users to malicious websites. This occurs by manipulating the legitimate website's domain, potentially...

CVSS 4.7 | AI score 5.7 | EPSS 0.00223
Exploits: 0 | References: 5
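The go-chi description above is truncated and only says the redirect target can be steered to another domain. The following is an added example for this page, not chi's code and not a description of its exact bug: it shows the general shape of a trailing-slash redirect that echoes the request path back as the Location, and a guard for the one way such an echo usually becomes cross-origin, a path beginning with "//" (or "/\"), which browsers resolve as protocol-relative and therefore as a different host. That the protocol-relative form is the relevant one is this page's assumption about the class, not a statement taken from the advisory. Function names are hypothetical.

```javascript
// Added example (not go-chi's code). Names are hypothetical for this page.

// Unsafe reference behaviour for the class: strip the trailing slash and
// send the result back as the redirect Location.
function unsafeSlashRedirect(rawPath) {
  return rawPath.endsWith("/") && rawPath.length > 1 ? rawPath.slice(0, -1) : null;
}

// Hardened: return the Location for a trailing-slash redirect, or null when
// the path cannot be safely echoed back to the client.
function safeSlashRedirect(rawPath) {
  if (!rawPath.endsWith("/") || rawPath === "/") return null; // nothing to redirect
  const target = rawPath.slice(0, -1);
  // "//host/..." and "/\host/..." are protocol-relative: the browser takes
  // the host from the path, not from the current site. Reject them.
  if (/^[\/\\]{2}/.test(target)) return null;
  // Reject an explicit scheme and any backslash (some browsers treat "\" as "/").
  if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(target) || target.includes("\\")) return null;
  // Whatever remains must still be an absolute path on this origin.
  if (!target.startsWith("/")) return null;
  return target;
}

// What a handler would send: the computed target, or a fixed safe fallback.
function redirectLocation(rawPath) {
  return safeSlashRedirect(rawPath) ?? "/";
}

if (typeof require !== "undefined" && require.main === module) {
  // Constructed request paths, including the protocol-relative case.
  for (const p of ["/users/", "//evil.example/", "/\\evil.example/", "/"]) {
    console.log(JSON.stringify(p), "unsafe:", unsafeSlashRedirect(p), "safe:", redirectLocation(p));
  }
}
```

The check is deliberately on the path string rather than on a parsed URL, because the defect in this class is precisely that the path is reflected before any parsing decides what it means to a browser. When testing a real router, the request to send is the one whose path starts with two slashes, and the observation is whether the Location header comes back starting with "//".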
RedhatCVE, added 2026/02/12 6:14 p.m.

CVE-2025-41117

A cross site scripting flaw has been discovered in Grafana's Explore Traces view. This view can be rendered as raw HTML and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API...

CVSS 6.8 | AI score 5 | EPSS 0.0024
Exploits: 0 | References: 4
OSV, added 2026/02/12 11:26 a.m.

SUSE-SU-2026:0473-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues. The following security issues were fixed:
- CVE-2022-50347: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (bsc#1249928).
- CVE-2022-50580: blk-throttle: prevent overflow while calculating wait time (bsc#125254...

CVSS 7.8 | AI score 7.1 | EPSS 0.00544
Exploits: 4 | References: 299
Virtuozzo, added 2026/02/12 12:00 a.m.

Virtuozzo Hybrid Infrastructure 7.2 Hotfix 1 (7.2.0-254)

This update provides a security fix and stability fixes for the storage service.
- Vulnerability id: VSTOR-122723. Bucket object lock is removed after setting a bucket policy.
- Vulnerability id: VSTOR-123191. Archive files are not accessible if there are issues with replication.
- Vulnerability id: ...

CVSS 8.8 | AI score 5.5 | EPSS 0.48666
Exploits: 7
RedhatCVE, added 2026/02/11 8:31 p.m.

CVE-2025-69872

A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact ...

CVSS 9.8 | AI score 7.5 | EPSS 0.00546
Exploits: 1 | References: 5
RedhatCVE, added 2026/02/11 8:26 p.m.

CVE-2026-2366

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

CVSS 3.1 | AI score 5.6 | EPSS 0.00275
Exploits: 0 | References: 3
RedhatCVE, added 2026/02/10 6:32 p.m.

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough tha...

CVSS 2.9 | AI score 5.1 | EPSS 0.00219
Exploits: 0 | References: 4
RedhatCVE, added 2026/02/10 1:03 a.m.

CVE-2026-24675

A heap buffer use-after-free has been discovered in FreeRDP. urb_select_interface can free the device's MS config on error, but later code still dereferences it, leading to a use-after-free in libusb_udev_select_interface. Mitigation: Mitigation for this issue is either not available or the currently...

CVSS 8.7 | AI score 5.7 | EPSS 0.00467
Exploits: 0 | References: 5
RedhatCVE, added 2026/02/05 10:04 p.m.

CVE-2020-37121

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler (SEH) with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code...

CVSS 6.7 | AI score 6.1 | EPSS 0.00207
Exploits: 0 | References: 2
RedhatCVE, added 2026/02/04 11:41 p.m.

CVE-2026-25536

A data leak by way of a race condition has been discovered in the @modelcontextprotocol/sdk npm library. The cross-client response data leak exists when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

CVSS 7.1 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 6
RedhatCVE, added 2026/02/04 11:41 p.m.

CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input...

CVSS 9.4 | AI score 5 | EPSS 0.00236
Exploits: 1 | References: 5