
11 matches found

Cvelist
added 2026/04/08 6:20 p.m. | 18 views

CVE-2026-34837 Zammad is missing authorization in AI assistance controller for context data used in text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS | 0.00034 EPSS
Exploits 0 | References 1
Github Security Blog
added 2026/03/27 6:20 p.m. | 9 views

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block

Summary The @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites @partial-block with a crafted Handlebars AST, a subsequent invocation of @partial-block compil...

8.1 CVSS | 6.2 AI score | 0.00048 EPSS
Exploits 1 | References 5 | Affected Software 1
Snyk
added 2026/03/27 6:20 p.m. | 1 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via manipulation of the @partial-block variable in the template data context. An attacker can execute arbitrary...

9.2 CVSS | 6.1 AI score | 0.00048 EPSS
Exploits 1 | References 4
EUVD
added 2026/02/16 3:30 a.m. | 5 views

EUVD-2026-6136

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smfgnhandlecreatepdpcontextrequest of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now...

7.5 CVSS | 5.2 AI score | 0.00119 EPSS
Exploits 1 | References 7
RedhatCVE
added 2026/02/03 3:11 a.m. | 3 views

CVE-2026-1738

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwctunneladd of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published...

6.9 CVSS | 5.1 AI score | 0.00052 EPSS
Exploits 1 | References 1
Packet Storm
added 2024/11/13 12:0 a.m. | 466 views

Palo Alto Expedition 1.2.91 Remote Code Execution

class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...

9.8 CVSS | 7.3 AI score | 0.91029 EPSS
Exploits 14
ossfuzz
added 2020/03/13 9:35 p.m. | 9 views

libsass:data_context_fuzzer: Use-of-uninitialized-value in std::__1::vector<std::__1::vector<Sass::Extension, std::__1::allocator<Sass::Ext

Detailed Report: https://oss-fuzz.com/testcase?key=5682028378062848 Project: libsass Fuzzing Engine: libFuzzer Fuzz Target: datacontextfuzzer Job Type: libfuzzermsanlibsass Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

6.4 AI score
Exploits 0 | Affected Software 1
ossfuzz
added 2020/01/10 2:24 a.m. | 13 views

libsass:data_context_fuzzer: Crash in Sass::Inspect::operator

Project: https://github.com/sass/libsass.git Detailed Report: https://oss-fuzz.com/testcase?key=5739632306421760 Project: libsass Fuzzing Engine: libFuzzer Fuzz Target: datacontextfuzzer Job Type: libfuzzermsanlibsass Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0xfffffffffffffff8...

6.4 AI score
Exploits 0 | Affected Software 1
ossfuzz
added 2019/11/13 6:42 a.m. | 14 views

libsass:data_context_fuzzer: Bad-cast to Sass::PreValue from Sass::SelectorList in Sass::Eval::operator

Detailed Report: https://oss-fuzz.com/testcase?key=5635227418624000 Project: libsass Fuzzing Engine: libFuzzer Fuzz Target: datacontextfuzzer Job Type: libfuzzerubsanlibsass Platform Id: linux Crash Type: Bad-cast Crash Address: 0x00000191b2a0 Crash State: Bad-cast to Sass::PreValue from...

6.8 AI score
Exploits 0 | Affected Software 1
ossfuzz
added 2019/07/16 3:32 a.m. | 9 views

libsass/data_context_fuzzer: Crash in Sass::Parser::parseCompoundSelector

Project: https://github.com/sass/libsass.git Detailed report: https://oss-fuzz.com/testcase?key=5717181783867392 Project: libsass Fuzzer: libFuzzerlibsassdatacontextfuzzer Fuzz target binary: datacontextfuzzer Job Type: libfuzzermsanlibsass Platform Id: linux Crash Type: UNKNOWN READ Crash Addres...

6.6 AI score
Exploits 0 | Affected Software 1
ossfuzz
added 2019/07/16 3:21 a.m. | 11 views

libsass/data_context_fuzzer: Heap-buffer-overflow in std::__1::vector<std::__1::vector<Sass::SharedImpl<Sass::ComplexSelector>, std::

Project: https://github.com/sass/libsass.git Detailed report: https://oss-fuzz.com/testcase?key=5161915090731008 Project: libsass Fuzzer: libFuzzerlibsassdatacontextfuzzer Fuzz target binary: datacontextfuzzer Job Type: libfuzzerasanlibsass Platform Id: linux Crash Type: Heap-buffer-overflow READ...

7 AI score
Exploits 0 | Affected Software 1