CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVE-2026-42399

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression...

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

Summary Server Post-Auth Remote Code Execution RCE vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-4051 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with...

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

GHSA-7J2F-6H2R-6CQC Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

Exploit for Improper Privilege Management in Apache Couchdb

Lab7-CVE-2017-12635-12636 I. SYSTEM ANALYSIS Ide...

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

CVE-2026-45352

The CVE-2026-45352 issue affects cpp-httplib (header-only HTTP/HTTPS library). Before version 0.43.4, the ChunkedDecoder::read_payload routine parses the chunk-size in chunked Transfer-Encoding with std::strtoul(), which can silently accept a minus sign. This allows negative chunk sizes (e.g., "-...

EUVD-2026-33425

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

GHSA-6M57-8R3P-PQX6 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...