
192291 matches found

Snyk
added 2026/02/24 1:48 a.m., 5 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in msl.c. An attacker can cause memory exhaustion and disrupt service availability by submitting malicious image files. Remediation: A fix was pushed into the master branch but not yet...

7.5 CVSS, 5.7 AI score, 0.00438 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/02/24 1:44 a.m., 5 views

CVE-2026-2964

A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible t...

9.8 CVSS, 5 AI score, 0.00367 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/02/24 1:34 a.m., 6 views

CVE-2026-2958

A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub457C5C of the file /boafrm/formWsc. Such manipulation of the argument saveapply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...

9 CVSS, 8.8 AI score, 0.00689 EPSS
Exploits 1, References 1
CVE
added 2026/02/24 1:32 a.m., 16 views

CVE-2026-3052

DataLinkDC dinky up to 1.2.5 is affected. The vulnerable component is the Flink Proxy Controller (dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java) and its proxyUba function. The issue enables server-side request forgery (SSRF) and is exploitable remotely. The exploit has ...

7.7 CVSS, 6.3 AI score, 0.00298 EPSS
Exploits 1, References 5, Affected Software 1
Snyk
added 2026/02/24 1:1 a.m., 2 views

Reusing a Nonce, Key Pair in Encryption

Overview: Affected versions of this package are vulnerable to Reusing a Nonce, Key Pair in Encryption in the server-side digest authentication implementation. An attacker can gain unauthorized access by replaying previously captured authentication data. Remediation: There is no fixed version for...

7.3 CVSS, 7.3 AI score, 0.00355 EPSS
Exploits 1, References 2
SUSE CVE
added 2026/02/24 12:24 a.m., 3 views

SUSE CVE-2026-2913

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vipssourcereadtomemory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

7 CVSS, 5.4 AI score, 0.00182 EPSS
Exploits 1, References 3
OSV
added 2026/02/24 12:16 a.m., 7 views

CVE-2026-3043

A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and...

6.1 CVSS, 4 AI score, 0.00264 EPSS
Exploits 1, References 5
VulnCheck KEV
added 2026/02/24 12:0 a.m., 3 views

VulnCheck KEV: CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

8 CVSS, 5.8 AI score, 0.0075 EPSS
In wild, Exploits 0, References 2
Packet Storm News
added 2026/02/24 12:0 a.m., 3 views

Self-Purification Mitigates Backdoors in Multimodal Diffusion Language Models

Multimodal Diffusion Language Models (MDLMs) have recently emerged as a competitive alternative to their autoregressive counterparts. Yet their vulnerability to backdoor attacks remains largely unexplored. In this work, we show that well-established data-poisoning pipelines can successfully implant...

6 AI score
Exploits 0
Tenable Nessus
added 2026/02/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component...

6.3 CVSS, 5.2 AI score, 0.00218 EPSS
Exploits 1, References 3
Packet Storm News
added 2026/02/24 12:0 a.m., 10 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection (IPI) attacks...

6 AI score
Exploits 0
Tenable Nessus
added 2026/02/24 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-3099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or...

7.3 CVSS, 7.3 AI score, 0.00355 EPSS
Exploits 1, References 3
Tenable Nessus
added 2026/02/24 12:0 a.m., 6 views

SonicWALL TZ Insufficient Verification of Data Authenticity (CVE-2022-47522)

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept possibly cleartext target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point such as authentication...

7.5 CVSS, 5.5 AI score, 0.00897 EPSS
Exploits 1, References 5
Tenable Nessus
added 2026/02/24 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-2967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP...

6.3 CVSS, 5 AI score, 0.00491 EPSS
Exploits 1, References 3
Redos
added 2026/02/24 12:0 a.m., 7 views

ROS-20260224-73-0022

A vulnerability in the Moodle virtual learning environment is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

7.3 CVSS, 5.2 AI score, 0.00289 EPSS
Exploits 0
Redos
added 2026/02/24 12:0 a.m., 7 views

ROS-20260224-73-0035

Vulnerability in gitea related to a flaw in the authorization mechanism. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

5.3 CVSS, 5.6 AI score, 0.00251 EPSS
Exploits 0
Redos
added 2026/02/24 12:0 a.m., 6 views

ROS-20260224-73-0017

Vulnerability in moodle due to insufficient limitation of authentication attempts. Exploitation of the vulnerability could allow a remote attacker to launch a brute force attack...

7.5 CVSS, 5.5 AI score, 0.00417 EPSS
Exploits 0
Vulnrichment
added 2026/02/23 11:32 p.m., 5 views

CVE-2026-3044 Tenda AC8 Httpd Service UploadCfg webCgiGetUploadFile stack-based overflow

A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

9 CVSS, 6.1 AI score, 0.00501 EPSS
Exploits 0, References 5
OSV
added 2026/02/23 11:16 p.m., 4 views

DEBIAN-CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

5.4 CVSS, 8.2 AI score, 0.00184 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/02/23 11:2 p.m., 4 views

CVE-2026-3042

A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public a...

7.5 CVSS, 5.4 AI score, 0.00425 EPSS
Exploits 1, References 5, Affected Software 1