648723 matches found
CVE-2026-59882
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
Protecting Microsoft at AI speed: How SFI proactively hardens our cloud
AI models have reached a threshold where they exhibit expert-level capabilities in vulnerability discovery, exploit chaining, and proof-of-concept generation. As AI-powered vulnerability discovery matures, every organization that builds or runs software at scale needs continuous proactive...
Updated openvpn packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...
CVE-2026-14966
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
CVE-2026-59882
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
EUVD-2026-42319
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...
CVE-2026-59882
The CVE affects guzzlehttp/psr7 (PSR-7 HTTP message library for PHP). Prior to version 2.12.3, Uri::assertValidHost() fails to reject authority delimiters, embedded ports, or malformed IPv6 brackets in host components, causing Uri::getHost() to disagree with the URI authority used for security or...
CVE-2026-42505
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-39822
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...
gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is established and then, the sco socket is releasing, timeoutwork will be scheduled to judge whether the sco disconnection is timeout. The sock...
CVE-2026-14966
BBOT’s unarchive module is affected by a symlink guard bypass when handling certain archives. Specifically, zip and 7z archives with a DOS-attribute prefix in their listing (as produced by legacy p7zip) can bypass the extraction guard, allowing an attacker-controlled symlink to be written into th...
CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
CVE-2026-14966
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
EUVD-2026-42295
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction
BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...
Operationalizing Day Minus Seven: The Cloud-Native ROC
Summary Frontier AI models in the post-Mythos era are changing the speed and scale of exposure risk. Security teams are entering an era where AI can help discover, chain, and exploit weaknesses faster than traditional programs can absorb. The challenge is no longer finding more issues; it’s knowi...
libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...