PT-2026-42095

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service...

PT-2026-42159

Improper link resolution before file access 'link following' in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally...

ROS-20260520-73-0035

A vulnerability in the WebAudio component of Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0007

A vulnerability in the WebGL component of Google Chrome and Microsoft Edge browsers is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected...

ROS-20260520-73-0016

A vulnerability in the ANGLE library of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0054

A vulnerability in the PDF component of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

PT-2026-42194

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

PT-2026-42153

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A time-of-check to time-of-use TOCTOU race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the chroot setting set to false. A local attacker with write...

UBUNTU-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

Malicious code in @tailwind-core/vite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f9a00740b85c3ce7b36a9ba242f3eccc9ebf3d4f626ab911342c50d63b48805 The package name @tailwind-core/vite impersonates the official @tailwindcss/vite plugin from tailwindlabs, and its package.json declares three...

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handlecomposecommand function. This vulnerability allows for out-of-bounds memory access, whic...

Improper Validation of Syntactic Correctness of Input

Overview @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...

MAL-2026-4765 Malicious code in qontract-reconcile (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bee34269c7f3aae4181b856b9b73a57abf59acc94d076d51b4fb6c14b8fc5508 This release of qontract-reconcile uses uv's tool.uv.dependency-metadata mechanism in pyproject.toml to override the pagerduty package's declared...

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

MAL-2026-4362 Malicious code in @arbocollab/arbo-web-people (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f007c3da95aa64e4c2ed5b51b736900ddc444499f2f678d749603fab516a0c3 The published tarball ships npmjs.npmrc containing a live npm-prefixed authToken for registry.npmjs.org scoped to @arbocollab. package.json declares...

MAL-2026-4176 Malicious code in dabrius-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 381f128317bd76fe2e5d34df5decd7f27475bff72e646ccdb19cb1334a068b07 Package is local-only PoC of supply chain attack. The commented code and name reveals relation to the previously uploaded package containing data exfiltration...

CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...