
12 matches found

NVD
added 1 hour ago, 3 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4 CVSS
Exploits: 0, References: 3

AlpineLinux
added 3 hours ago, 2 views

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4 CVSS, 5.8 AI score
Exploits: 0

OSV
added 2026/05/20 6:38 p.m., 2 views

MAL-2026-4463 Malicious code in @vivaux/telemetry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0a848407f225f6d34a9d48d9619b517c80e007c2a12c20a341e48cb7f907f81 @vivaux/[email protected] ships an empty index.js and exists only to pull in an off-registry dependency. package.json declares "ltidisafe":...

5.9 AI score
Exploits: 0, References: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-38299

Name of the Vulnerable Software and Affected Versions: Snappier (affected versions not specified). Description: A denial of service issue exists where Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream. This occurs when the...

7.5 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 7

CNNVD
added 2026/04/24 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, where the rxkad_decrypt_ticket function does not check whether the decryption operation was successful. As a result,...

9.8 CVSS, 5.8 AI score, 0.00096 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29235

OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes...

7.5 CVSS, 5.9 AI score, 0.00015 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/09/21 6:8 a.m., 5 views

CVE-2025-7403

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption...

7.6 CVSS, 6.9 AI score, 0.00025 EPSS
Exploits: 0, References: 1

NVD
added 2025/09/19 6:15 a.m., 2 views

CVE-2025-7403

Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption...

7.6 CVSS, 0.00025 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/19 5:19 a.m., 10 views

CVE-2025-7403

CVE-2025-7403 affects Zephyr RTOS: unsafe handling in bt_conn_tx_processor can cause a use-after-free, leading to a write-before-zero with attacker-controlled 4 bytes, enabling precise memory corruption. Impact is described as memory corruption with high availability impact; CVSS vectors indicate...

7.6 CVSS, 6.5 AI score, 0.00025 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/09/19 12:0 a.m., 3 views

PT-2025-38513

Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified). Description: An unsafe handling issue in bt conn tx processor can lead to a use-after-free condition, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memo...

7.6 CVSS, 6.4 AI score, 0.00025 EPSS
Exploits: 0, References: 6

AlpineLinux
added 2025/08/26 5:25 p.m., 4 views

CVE-2025-57803

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder's scanline-stride computation collapses bytes_per_line stride to a tiny value while the...

8.8 CVSS, 7.7 AI score, 0.00136 EPSS
Exploits: 1

Packet Storm
added 2003/07/29 12:0 a.m., 20 views

shatterSEH2.txt

moderator: I forgot the link :- ========================================================================= = Shattering SEH II = = [email protected] = http://www.security-assessment.com = = Originally posted: July 28, 2003...

7.4 AI score
Exploits: 0