CVE-2026-24317
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...
KLA90924 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure IOT...
PT-2026-24159
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...
Protection Mechanism Failure
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Protection Mechanism Failure via the /acp spawn command handler. An attacker can escalate privileges by initializing host-side ACP sessions from a sandboxed context when ACP is enabled an...
curl: CVE-2026-3805: use after free in SMB connection reuse
Summary: A heap-use-after-free occurs in smb_send_open at lib/smb.c when curl processes two SMB URLs targeting the same host. The function smb_parse_url_path sets req->path as a non-owning pointer into smbc->share (connection-owned memory). During connection reuse, the needle connection is freed via...
Permissive Cross-domain Policy with Untrusted Domains
Overview: mcp-memory-service is an open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted...
GHSA-G9RG-8VQ5-MPWM mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Summary: When the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses...
PT-2026-26179
Name of the Vulnerable Software and Affected Versions: mcp-memory-service versions prior to 10.25.1. Description: mcp-memory-service is an open-source memory backend for multi-agent systems. When the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware wi...
CVE-2026-1678
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-27807
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patch...
PT-2026-23628
Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.9.4. Description: MarkUs is a web application used for submitting and grading student assignments. Versions of MarkUs before 2.9.4 allow course instructors to upload YAML files to create or update entities like...
CVE-2026-1678 dns: memory‑safety issue in the DNS name parser
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds wri...
CVE-2026-1678
CVE-2026-1678 affects Zephyr’s DNS name parser. The function dns_unpack_name() caches the buffer tailroom and reuses it when appending DNS labels; as the buffer grows, the cached size can become incorrect, allowing the final null terminator to be written past the buffer. With assertions disabled ...
DEBIAN-CVE-2026-27982
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...
Zephyr Security Vulnerability
Zephyr is an open-source, scalable real-time operating system (RTOS) developed by Zephyr. Versions of Zephyr prior to 4.3.0 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the tail space in the buffer used by the dns_unpack_name function, which could lead...
PT-2026-23408
Name of the Vulnerable Software and Affected Versions: Zephyr RTOS (affected versions not specified). Description: The dns_unpack_name function in Zephyr RTOS contains a flaw where it caches the buffer tailroom and reuses it when appending DNS labels. As the buffer expands, the cached size becomes...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005578)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005578 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop. Since 'dev_queue_xmit' should be...
CVE-2026-28783
CVE-2026-28783 affects Craft CMS (Craft CMS core) where a blocklist of potentially dangerous PHP functions is bypassable via Twig non-Closure arrow functions. Affected versions are prior to 5.9.0-beta.1 and 4.17.0-beta.1. Successful exploitation requires attacker permissions (production allowAdmi...