CVE-2025-61684

CVE-2025-61684 affects Quicly, an IETF QUIC protocol implementation. The vulnerability is a denial-of-service caused by an assertion failure that crashes the process, exploitable before commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue is mitigated by the mentioned commit which fixes the...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

PT-2026-3506

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

CVE-2026-23644 esm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packages

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

CVE-2025-15533 raysan5 raylib rtext.c GenImageFontAtlas heap-based overflow

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

PT-2026-3382

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...

Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVE-2025-15104

Nu Html Checker (validator.nu) — SSRF via restriction bypass in vnu (latest commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd). The issue allows remote attackers to induce the server to make arbitrary HTTP/HTTPS requests to internal resources, including localhost services. Protective hostname check...

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

PT-2026-3221

Name of the Vulnerable Software and Affected Versions lucy-xss-filter versions prior to commit e5826c0 Description The software contains a flaw where an attacker can execute malicious JavaScript. This is due to improper sanitization resulting from misconfigured default superset rule files...

PT-2026-3220

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001459)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001459 advisory. The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003461 advisory. fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs- flushing-before-commit list, which allows local users to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002640 advisory. The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This atta...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001765 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Due to a race condition...

CVE-2026-22700

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...