CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460

Boost Serialization up to 1.91 has an improper validation flaw in an unknown function. The vulnerability can be exploited remotely; the exploit has been published. No patch is currently available and the disclosure deadline has expired; maintainers were notified in Aug 2025.

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

CVE-2026-11460 Boost Serialization improper validation of specified type of input

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

PT-2026-47187

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

Linux i915 PTE Use-After-Free

i915 code in Linux has an out-of-bounds PTE write in vmfaultgtt that leads to a PTE use-after-free condition. I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a f...

Linux i915 PTE Use-After-Free Exploit

Linux i915 suffers from an out-of-bounds PTE write in vmfaultgtt that leads to a PTE use-after-free vulnerability. I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. I...

Linux i915 PTE Use-After-Free

I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will becom...

var2.astro.cz Cross Site Scripting vulnerability OBB-3953364

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

security-research

Security Research This project hosts security advisories and...

legionpost26.org Cross Site Scripting vulnerability OBB-3332598

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

pref.pl Cross Site Scripting vulnerability OBB-3096288

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

stirlingboaroundtable.co.uk Cross Site Scripting vulnerability OBB-2802702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AWS CloudShell Terminal Escape Injection / Remote Code Execution Vulnerabilities

The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. Terminal escape injection in AWS CloudShell The javascript terminal emulator used by...

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who...

F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write Vulnerability

Big IP's Traffic Management Microkernels TMM URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition. F5 Big IP - TMM urinormalizehost infoleak and out-of-bounds write Big IP's Traffic Management Microkernels TMM URI...

leptonica:adaptmap_fuzzer: Heap-use-after-free in pixChangeRefcount

Project: https://github.com/DanBloomberg/leptonica.git Detailed Report: https://oss-fuzz.com/testcase?key=4941737753313280 Project: leptonica Fuzzing Engine: libFuzzer Fuzz Target: adaptmapfuzzer Job Type: libfuzzerasanleptonica Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash...

imagemagick:ping_pwp_fuzzer: Stack-buffer-overflow in SetStringInfoDatum

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5632955822899200 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: pingpwpfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash...

ffmpeg:ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer: Heap-buffer-overflow in magy_decode_slice

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=6005121199374336 Project: ffmpeg Fuzzing Engine: honggfuzz Fuzz Target: ffmpegAVCODECIDMAGICYUVfuzzer Job Type: honggfuzzasanffmpeg Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Addres...

skia:sksl2spirv: Segv on unknown address in std::__1::unique_ptr<SkSL::Expression, std::__1::default_delete<SkSL::Expression

Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=6198631948091392 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2spirv Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...