213 matches found

EUVD
added yesterday, 7 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 5
Cvelist
added 2 days ago, 10 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3 CVSS, 0.00012 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/05/14 2:32 p.m., 2 views

CVE-2026-44375

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits 0, References 5, Affected Software 1
Circl
added 2026/05/12 4:57 a.m., 4 views

CVE-2026-40136

creationtimestamp | type | source
---|---|---
2026-05-12 04:57:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlmyt54c6l2p
2026-05-12 14:20:29+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:07+00:00 | seen | ...

4.3 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 3
Circl
added 2026/05/09 9:49 p.m., 7 views

CVE-2026-42571

creationtimestamp | type | source
---|---|---
2026-05-09 21:49:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlh7zev7at2t
2026-05-10 00:00:43+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p
2026-05-10 00:01:03+00:00 | seen | ...

9 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/05/09 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016813 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function...

3.7 CVSS, 6 AI score, 0.00126 EPSS
Exploits 0, References 4
Github Security Blog
added 2026/05/06 8:0 p.m., 1 views

Micronaut has unbounded `formattersCache` in `TimeConverterRegistrar` that Allows Memory Exhaustion via `Accept-Language` Header

Summary TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation pattern concatenated with the locale from the HTTP Accept-Language header. Because Locale.forLanguageTag accepts arbitrary BCP 47 private-use...

7.5 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-38292

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...

7.5 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits 0, References 7
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in glib2.0

A flaw was discovered in GLib. Integer overflow and buffer under-read occur when parsing a long, invalid ISO 8601 timestamp using the g_date_time_new_from_iso8601 function...

3.7 CVSS, 6 AI score, 0.00126 EPSS
Exploits 0, References 2
OSV
added 2026/04/30 12:0 p.m., 2 views

RUSTSEC-2026-0138 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time related types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

5.8 AI score
Exploits 0, References 3
RustSec
added 2026/04/30 12:0 p.m., 3 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time related types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...

5.8 AI score
Exploits 0, Affected Software 1
RustSec
added 2026/04/24 12:0 p.m., 3 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQL_TIME type. Diesel replicated this type as `#[repr(C)]` struct, populated all the fields of this struct and then casted this value ...

5.8 AI score
Exploits 0, Affected Software 1
OSV
added 2026/04/24 12:0 p.m., 1 views

RUSTSEC-2026-0134 Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQL_TIME type. Diesel replicated this type as `#[repr(C)]` struct, populated all the fields of this struct and then casted this value ...

5.8 AI score
Exploits 0, References 3
Circl
added 2026/04/17 6:14 p.m., 0 views

CVE-2026-41153

creationtimestamp | type | source
---|---|---
2026-04-17 18:14:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjpjpf2f3w2b...

9.8 CVSS, 5.7 AI score, 0.00001 EPSS
Exploits 0, References 1
Circl
added 2026/03/24 12:29 a.m., 1 views

CVE-2026-33174

creationtimestamp | type | source
---|---|---
2026-03-24 00:29:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhrcz62mfa2d...

8.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 1
OSV
added 2026/03/18 10:1 a.m., 2 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555). - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876). - CVE-2025-32049:...

9.1 CVSS, 7 AI score, 0.00605 EPSS
Exploits 2, References 18
Amazon
added 2026/03/06 12:0 a.m., 2 views

Low: firefox

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0
Circl
added 2026/02/26 8:10 p.m., 2 views

GHSA-5RC7-2JJ6-MP64

creationtimestamp | type | source
---|---|---
2026-02-26 20:10:19+00:00 | seen | https://gist.github.com/alon710/db177992ad587ae21d2ec8067685c1a5...

4.8 AI score
Exploits 0, References 1
UbuntuCve
added 2026/02/24 3:21 p.m., 1 views

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

8.8 CVSS, 6.5 AI score, 0.00073 EPSS
Exploits 2, References 8
CNNVD
added 2026/02/24 12:0 a.m., 3 views

exiftool operating system command injection vulnerability

Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.49 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the SetMacOSTags function in the PNG file parser component,...

8.8 CVSS, 6.8 AI score, 0.00073 EPSS
Exploits 2, References 7