OSV-2026-696 Use-of-uninitialized-value in JXRHandler::read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=510577322 Crash type: Use-of-uninitialized-value Crash state: JXRHandler::read kimgiofuzzer.cc interceptormalloc...

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

OSV-2026-659 Heap-buffer-overflow in ___interceptor_strncpy

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507904196 Crash type: Heap-buffer-overflow WRITE Crash state: interceptorstrncpy concathashstring ndpisearchsshtcp...

Command Injection

Overview @burtthecoder/mcp-dnstwist is a MCP server for dnstwist - DNS fuzzing to detect typosquatting, phishing and corporate espionage Affected versions of this package are vulnerable to Command Injection via the fuzzdomain MCP tool. An attacker can execute arbitrary operating system commands b...

CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

EUVD-2026-26300

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443

CVE-2026-7443 affects BurtTheCoder mcp-dnstwist ≤ 1.0.4, specifically the fuzz_domain function in src/index.ts of the MCP Interface. The weakness permits remote execution of OS commands via manipulation of the Request argument. Exploitation is possible remotely and public exploits exist. The vuln...

OSV-2026-649 Container-overflow in OGRGeometryFactory::organizePolygons

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506932597 Crash type: Container-overflow WRITE 1 Crash state: OGRGeometryFactory::organizePolygons OGRCreateFromShapeBin OpenFileGDB::FileGDBOGRGeometryConverterImpl::CreateCurveGeometry...

OSV-2026-646 Heap-buffer-overflow in sentencepiece::unigram::Model::EncodeOptimized

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507169860 Crash type: Heap-buffer-overflow READ 8 Crash state: sentencepiece::unigram::Model::EncodeOptimized sentencepiece::unigram::Model::Encode sentencepiece::SentencePieceProcessor::Encode...

PT-2026-36023

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launche...

DNStwist MCP Server 命令注入漏洞

DNStwist MCP Server is a domain name security detection tool developed by Burt personally. Versions of DNStwist MCP Server 1.0.4 and earlier contained a command injection vulnerability. This vulnerability stemmed from the fuzzdomain function in the src/index.ts file, where the Request operation o...

OSV-2026-632 Use-of-uninitialized-value in PKFormatConverter_InitializeConvert

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506459298 Crash type: Use-of-uninitialized-value Crash state: PKFormatConverterInitializeConvert PKFormatConverterInitialize JXRHandler::read...

OSV-2026-629 Security exception in org.apache.thrift.protocol.TProtocolUtil.skip

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506318134 Crash type: Security exception Crash state: org.apache.thrift.protocol.TProtocolUtil.skip org.apache.thrift.protocol.TCompactProtocol.readByte org.apache.thrift.protocol.TCompactProtocol.readFieldBegin...

OSV-2026-623 Use-of-uninitialized-value in Mat_PrintNumber

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903317 Crash type: Use-of-uninitialized-value Crash state: MatPrintNumber MatPrintData MatVarPrint...

OSV-2026-621 Use-of-uninitialized-value in vcardtime_from_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903588 Crash type: Use-of-uninitialized-value Crash state: vcardtimefromstring vcardvaluenewfromstring parsevcard...

OSV-2026-620 Heap-buffer-overflow in ixheaace_process

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505674302 Crash type: Heap-buffer-overflow WRITE Crash state: ixheaaceprocess xaacencfuzzer.cpp...

ARIstoteles -- Dissecting Apple's Baseband Interface

Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance...

OSV-2026-616 Use-of-uninitialized-value in JXRHandlerPrivate::colorSpace

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505263965 Crash type: Use-of-uninitialized-value Crash state: JXRHandlerPrivate::colorSpace JXRHandlerPrivate::imageFormat JXRHandler::read...