13846 matches found

CVE
added 2026/02/26 10:17 p.m. | 21 views

CVE-2026-28207

CVE-2026-28207 (Zen C) : Prior to 0.4.2, Zen C’s compiler could be tricked into executing arbitrary shell commands via a crafted output filename passed to -o. The flaw resided in the main.c logic where a command string was built by concatenating arguments and executed with system(), allowing shel...

CVSS 7.3 | AI score 6.1 | EPSS 0.00935
Exploits: 1 | References: 2 | Affected Software: 1

The Hacker News
added 2026/02/26 6:0 p.m. | 9 views

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores it...

AI score 6
Exploits: 0

OSV
added 2026/02/26 12:47 a.m. | 5 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

CVSS 7 | AI score 5.5 | EPSS 0.00267
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/26 12:0 a.m. | 6 views

PT-2026-22205

Name of the Vulnerable Software and Affected Versions: wger versions prior to 2.4. Description: wger is a free, open-source workout and fitness manager. An issue exists where three nutritional values action endpoints bypass user-scoped querysets via a raw ORM call, specifically Model.objects.getpk=p...

CVSS 4.3 | AI score 6 | EPSS 0.0026
Exploits: 1 | References: 7

CVE
added 2026/02/25 5:2 p.m. | 15 views

CVE-2026-3194

CVE-2026-3194 affects Chia Blockchain 2.1.0. The vulnerability is in the RPC Server Master Passphrase Handler, specifically the functions send_transaction and get_private_key, leading to missing authentication. It is locally exploitable with high attack complexity, and exploitation has been publi...

CVSS 7 | AI score 4.4 | EPSS 0.00217
Exploits: 1 | References: 4 | Affected Software: 1

GithubExploit
added 2026/02/25 4:13 p.m. | 153 views

Exploit for Integer Overflow or Wraparound in Linux Linux_Kernel

CVE-2022-0185-Analysis-and-Exploit Research and proof-of-conce...

CVSS 8.4 | AI score 8.7 | EPSS 0.25151
Exploits: 11

RedHat Linux
added 2026/02/25 3:20 p.m. | 1 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the clip_push function by repeatedly calling the ioctl(ATMARP_MKIP) system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 5

CNNVD
added 2026/02/25 12:0 a.m. | 6 views

chia-blockchain Authorization Issue Vulnerability

ChiaBlockchain is a Python library for Chia Network’s open-source project. Version 2.1.0 of ChiaBlockchain contains an authorization vulnerability. This vulnerability stems from improper authentication practices in the authenticate function within the rpcserverbase.py file of the component’s RPC...

CVSS 8.1 | AI score 6.2 | EPSS 0.00502
Exploits: 1 | References: 4

NVD
added 2026/02/24 10:16 p.m. | 5 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 7.5 | EPSS 0.00362
Exploits: 0 | References: 6

OSV
added 2026/02/24 9:41 p.m. | 7 views

GHSA-MXHJ-88FX-4PCV Fickling: OBJ opcode call invisibility bypasses all safety checks

Assessment The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJ_EX opcodes https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a. Original report Summary All 5 of fickling's safety interfaces -- is_likely_safe, check_safety, CLI...

CVSS 9.4 | AI score 6.1
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/24 9:15 p.m. | 2 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 7.5 | AI score 5.8 | EPSS 0.00362
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2026/02/24 9:15 p.m. | 14 views

CVE-2026-27195

CVE-2026-27195 affects Wasmtime in versions where component-model-async is default (from 39.0.0). The bug causes a panic when a host embeds calls to wasmtime::component::[Typed]Func::call_async, drops the returned Future after polling, and then reuses the same component instance before the first ...

CVSS 7.5 | AI score 5.3 | EPSS 0.00362
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/02/24 9:15 p.m. | 5 views

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 6.9 | AI score 5.4 | EPSS 0.00362
Exploits: 0 | References: 8

Debian CVE
added 2026/02/24 9:15 p.m. | 4 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 7.5 | AI score 5.3 | EPSS 0.00362
Exploits: 0

OSV
added 2026/02/24 8:44 p.m. | 6 views

GHSA-XJHV-V822-PF94 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

The affected versions of Wasmtime can panic if the host embedder drops the future returned by wasmtime::component::TypedFunc::call_async before it resolves. Details Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...

CVSS 6.9 | AI score 5.4 | EPSS 0.00362
Exploits: 0 | References: 9

Github Security Blog
added 2026/02/24 8:44 p.m. | 7 views

Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

The affected versions of Wasmtime can panic if the host embedder drops the future returned by wasmtime::component::TypedFunc::call_async before it resolves. Details Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...

CVSS 7.5 | AI score 5.3 | EPSS 0.00362
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2026/02/24 12:0 p.m. | 4 views

RUSTSEC-2026-0022 Panic when dropping a `[Typed]Func::call_async` future

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory...

CVSS 6.9 | AI score 5.4 | EPSS 0.00362
Exploits: 0 | References: 3

RustSec
added 2026/02/24 12:0 p.m. | 6 views

Panic when dropping a `[Typed]Func::call_async` future

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory...

CVSS 7.5 | AI score 5.3 | EPSS 0.00362
Exploits: 0 | Affected Software: 1

OSV
added 2026/02/23 12:19 a.m. | 6 views

OSV-2026-292 UNKNOWN WRITE in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486503337 Crash type: UNKNOWN WRITE Crash state: ::calluncheckedraw::::queuecall...

AI score 5.4
Exploits: 0 | References: 1

OSV
added 2026/02/23 12:15 a.m. | 2 views

CVE-2026-2588

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bi...

CVSS 9.1 | AI score 5.6
Exploits: 0 | References: 3