CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

Improper Output Neutralization for Logs

Overview std/net/textproto is a Go standard library package std/net/textproto Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...

GO-2026-5039 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

JDWPEx

JDWP Remote Code Execution Exploit A Python 3 implement...

EUVD-2026-33807

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-33813

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-33787

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-33799

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2026-33766

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2131-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2131-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues The following security issues were fixed: -...

CVE-2026-0067

In multiple functions of ubsanthrowingruntime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0009

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...