
13532 matches found

NVD
added 2026/04/13 1:16 a.m. | 2 views

CVE-2026-25204

Deserialization of untrusted data vulnerability in Samsung Open Source Escargot JavaScript allows denial of service condition via process abort. This issue affects Escargot prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 7.5 | EPSS 0.00021
Exploits 0 | References 1
Vulnrichment
added 2026/04/13 12:47 a.m. | 1 views

CVE-2026-25204

Deserialization of untrusted data vulnerability in Samsung Open Source Escargot JavaScript allows denial of service condition via process abort. This issue affects Escargot prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 6.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32196

Name of the Vulnerable Software and Affected Versions: Escargot versions prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. Description: A deserialization issue exists in Escargot JavaScript that can lead to a denial of service through process termination when handling untrusted data...

CVSS 6.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 2
Positive Technologies
added 2026/04/13 12:0 a.m. | 0 views

PT-2026-32357

A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file...

AI score 5.8 | EPSS 0.00018
Exploits 0 | References 3
Positive Technologies
added 2026/04/13 12:0 a.m. | 1 views

PT-2026-32242

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 7.4 | AI score 6 | EPSS 0.0004
Exploits 0 | References 2
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32546

Name of the Vulnerable Software and Affected Versions: jq versions prior to 2f09060afab23fe9390cce7cb860b10416e1bf5f. Description: The jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter. However, its error-handling path formats the input buffer using %s in jv stri...

CVSS 9.4 | AI score 5.3 | EPSS 0.00137
Exploits 4 | References 57
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32491

Name of the Vulnerable Software and Affected Versions: jq versions prior to 1.8.2. Description: An integer overflow occurs within the jvp_string_append and jvp_string_copy_replace_bad functions when concatenating strings with a combined length exceeding 2^31 bytes. This leads to a 32-bit unsigned...

CVSS 8.5 | AI score 5.8 | EPSS 0.00137
Exploits 5 | References 41
Positive Technologies
added 2026/04/12 12:0 a.m. | 2 views

PT-2026-32562

Name of the Vulnerable Software and Affected Versions: jq versions prior to commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b. Description: CLI input parsing allows validation bypass via embedded NUL bytes when reading JSON from files or stdin. The software uses strlen to determine buffer length inste...

CVSS 9.4 | AI score 5.4 | EPSS 0.00137
Exploits 2 | References 42
GitHub Security Blog
added 2026/04/09 5:37 p.m. | 6 views

OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification

Impact: B-M3: ClawHub package downloads are not enforced with integrity verification. ClawHub downloads could install plugin archives without enforcing archive or per-file integrity metadata. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and doe...

CVSS 7.5 | AI score 5.9 | EPSS 0.0002
Exploits 0 | References 5 | Affected Software 1
Positive Technologies
added 2026/04/09 12:0 a.m. | 0 views

PT-2026-31718

Name of the Vulnerable Software and Affected Versions: Sonicverse versions prior to commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4. Description: The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts...

CVSS 9.9 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 7
SUSE CVE
added 2026/04/08 11:27 p.m. | 1 views

SUSE CVE-2026-24450

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.5 | AI score 6.2 | EPSS 0.00078
Exploits 1 | References 6
Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006635 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock. Added a check for read-only mode ...

CVSS 5.5 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-32542

Name of the Vulnerable Software and Affected Versions: jq, affected versions not specified. Description: The _strindices builtin in src/builtin.c passes arguments to jv_string_indexes in src/jv.c without verifying they are strings. Because jv_string_indexes relies on assert checks that are removed in...

CVSS 8.2 | AI score 5.2 | EPSS 0.00072
Exploits 4 | References 41
Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006651 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit. When using the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 3
RedhatCVE
added 2026/04/07 11:1 p.m. | 0 views

CVE-2026-35208

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

CVSS 5.4 | AI score 6 | EPSS 0.00039
Exploits 1 | References 1
RedhatCVE
added 2026/04/07 11:1 p.m. | 2 views

CVE-2026-35404

Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

CVSS 6.1 | AI score 5.8 | EPSS 0.00015
Exploits 1 | References 1
ATTACKERKB
added 2026/04/07 7:56 p.m. | 3 views

CVE-2026-39382

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

CVSS 9.3 | AI score 6 | EPSS 0.00022
Exploits 0 | References 3
GithubExploit
added 2026/04/07 5:31 p.m. | 85 views

Exploit for CVE-2026-22732

CVE-2026-22732 Demo: Minimal reproduction of CVE-2026-22732...

CVSS 9.1 | AI score 6 | EPSS 0.00028
Exploits 2
EUVD
added 2026/04/07 3:30 p.m. | 2 views

EUVD-2026-19620

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 | AI score 6.3 | EPSS 0.00078
Exploits 1 | References 2
EUVD
added 2026/04/07 3:30 p.m. | 2 views

EUVD-2026-19626

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.1 | AI score 6.2 | EPSS 0.00078
Exploits 1 | References 2