
23027 matches found

GithubExploit
added 2026/05/26 1:39 a.m. | 92 views

YKWriter

YKWriter 🔑💾 YKWriter is a lightweight Windows Forms utili...

CVSS 6.8 | AI score 6 | EPSS 0.00846
Exploits: 2
OSV
added 2026/05/26 12:2 a.m. | 24 views

OSV-2026-812 Heap-buffer-overflow in ihevcd_fmt_conv_422sp_to_420p

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv_422sp_to_420p ihevcd_fmt_conv ihevcd_decode...

AI score 5.8
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/26 12:0 a.m. | 8 views

RHEL 9 : gimp (RHSA-2026:20691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20691 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

CVSS 7.8 | AI score 7.5 | EPSS 0.00634
Exploits: 1 | References: 12
CNNVD
added 2026/05/26 12:0 a.m. | 6 views

MediaInfoLib security vulnerability

MediaInfoLib is a tool developed by MediaArea for displaying technical information and tag data related to audio and video files. MediaInfoLib has a security vulnerability, which stems from a heap buffer overflow issue during LXF parsing...

CVSS 7.8 | AI score 6 | EPSS 0.00181
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/26 12:0 a.m. | 8 views

PT-2026-46875

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv_422sp_to_420p ihevcd_fmt_conv ihevcd_decode...

AI score 5.8
Exploits: 0 | References: 2
CNNVD
added 2026/05/26 12:0 a.m. | 5 views

mistune cross-site scripting vulnerability

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Python format strings to insert id and text values into tags without proper HTML escapin...

CVSS 6.1 | AI score 5.8 | EPSS 0.00198
Exploits: 1 | References: 2
AlmaLinux
added 2026/05/26 12:0 a.m. | 14 views

Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

CVSS 9.1 | AI score 6.7 | EPSS 0.00546
Exploits: 0 | References: 6
OSV
added 2026/05/26 12:0 a.m. | 8 views

ALSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

CVSS 9.1 | AI score 6.7 | EPSS 0.00546
Exploits: 0 | References: 6
Cvelist
added 2026/05/25 8:30 p.m. | 19 views

CVE-2026-9501 GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion

A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has...

CVSS 4.8 | EPSS 0.00144
Exploits: 0 | References: 7
GithubExploit
added 2026/05/25 12:11 p.m. | 79 views

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

Disclaimer The code and materials contained in this repository...

CVSS 9.8 | AI score 7.6 | EPSS 0.61725
Exploits: 8
RedhatCVE
added 2026/05/25 11:24 a.m. | 17 views

CVE-2026-42046

A flaw was found in libcaca, a colour ASCII art library. An integer overflow vulnerability in the canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write by supplying a specially crafted file in the "caca" format. This heap overflow can lead to memory...

CVSS 7.8 | AI score 6.1 | EPSS 0.00223
Exploits: 0 | References: 2
OSV
added 2026/05/25 12:2 a.m. | 6 views

OSV-2026-808 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv ihevcd_process_thread start_thread...

AI score 5.8
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/25 12:0 a.m. | 7 views

PT-2026-46106

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv ihevcd_process_thread start_thread...

AI score 5.8
Exploits: 0 | References: 2
Talos
added 2026/05/25 12:0 a.m. | 6 views

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the LXF parsing functionality of MediaInfoLib versions: 26.01. A specially crafted .lxf file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable Versions The...

CVSS 7.8 | AI score 6.5 | EPSS 0.00181
Exploits: 1
Cvelist
added 2026/05/24 4:15 a.m. | 16 views

CVE-2026-9354 NousResearch hermes-agent Slack Agent/Mattermost Agent escape output

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument formatmessage results in escaping of output. The attack can be executed remotely. The exploit is n...

CVSS 6.9 | EPSS 0.00429
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/24 4:15 a.m. | 11 views

CVE-2026-9354

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument formatmessage results in escaping of output. The attack can be executed remotely. The exploit is n...

CVSS 6.9 | AI score 6.3 | EPSS 0.00429
Exploits: 0 | References: 4 | Affected Software: 1
Fedora
added 2026/05/24 1:10 a.m. | 9 views

[SECURITY] Fedora 42 Update: evince-48.1-2.fc42

Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

CVSS 8.4 | AI score 7 | EPSS 0.00741
Exploits: 0
CNNVD
added 2026/05/24 12:0 a.m. | 6 views

Hermes Agent security vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

CVSS 6.9 | AI score 6.6 | EPSS 0.00429
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/24 12:0 a.m. | 7 views

PT-2026-45894

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv ihevcd_decode ihevcd_cxa_api_function...

AI score 5.8
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/24 12:0 a.m. | 7 views

PT-2026-45893

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515663946 Crash type: Container-overflow READ 1 Crash state: OpenBabel::MDLFormat::ReadV3000Block OpenBabel::MDLFormat::ReadMolecule OpenBabel::OBConversion::Read...

AI score 5.8
Exploits: 0 | References: 2