CVE-2026-35049 wire-ios has Persistent Remote DoS via Integer Underflow

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...

CVE-2026-35049

The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...

CVE-2026-33009 EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

CVE-2026-25580

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...

CVE-2026-25580

Pydantic AI has an SSRF vulnerability in its URL download path. From version 0.0.26 up to, but not including, 1.56.0, untrusted message history can cause the server to fetch URLs that reach internal resources or cloud metadata, exposing internal services or cloud credentials. The issue affects ap...

CVE-2026-25580

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...

GHSA-2JRP-274C-JHV3 Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

PT-2026-6846

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

GHSA-HFRJ-3W3G-JV32 TkEasyGUI Vulnerable to OS Command Injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...

CVE-2024-28120

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...