GHSA-J3W3-P6MR-3HRH DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

PT-2026-29697

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

New FCC router ban could leave home networks less secure

On Monday, the Federal Communications Commission FCC updated its list of insecure equipment, outlining its reasons for adding all consumer-grade routers made outside the US. Effectively, this would stop foreign-made routers from being imported unless their manufacturers obtain an exemption, due t...

CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...

Computer Vision Frameworks: Features And Future Trends

Computer vision frameworks explained, features, types, and future trends. Learn how AI tools process images, train models, and…...

CVE-2026-4216

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

WordPress Slider‑Future 1.0.5 Exposure Scanner

This Metasploit auxiliary module is designed to detect exposure of the WordPress Slider‑Future plugin REST endpoint at /wp-json/slider-future/v1/upload-image/. The module performs a non-intrusive HTTP request OPTIONS method to determine whether the endpoint is accessible. It does not upload files...

📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload

This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5. ============================================================================================================================================= | Title :...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195

CVE-2026-27195 affects Wasmtime in versions where component-model-async is default (from 39.0.0). The bug causes a panic when a host embeds calls to wasmtime::component::[Typed]Func::call_async, drops the returned Future after polling, and then reuses the same component instance before the first ...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...