CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

PT-2026-4557

Name of the Vulnerable Software and Affected Versions Avahi versions 0.9rc2 and below Description Avahi, a system for service discovery on a local network using mDNS/DNS-SD, is susceptible to a denial-of-service condition. Sending a crafted mDNS response with a recursive CNAME record, where the...

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

EUVD-2026-4323

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived...

Incorrect Provision of Specified Functionality

Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

Incorrect Provision of Specified Functionality

Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

GHSA-C32P-WCQJ-J677 CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

Command Injection

Wrangler is vulnerable to Command Injection. The vulnerability is due to unsanitized interpolation of the --commit-hash parameter into a shell command, where attacker-controlled input is passed directly to execSync, allowing arbitrary command execution in environments such as CI/CD pipelines that...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitti...

AZL-75360 CVE-2026-23893 affecting package opencryptoki 3.17.0-1

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

SUSE CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

GHSA-36P8-MVP6-CV38 Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

GHSA-RJR4-V43M-PXQ6 Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...