rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

CipherCtxRef::cipherupdateinplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption whe...

GHSA-RF5Q-VWXW-GMRF Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder

Summary A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field RFC 9112 §7.1.2 explicitly permits this causes the connection's worker process to spin forever in...

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution

This module exploits CVE-2023-7102, an arbitrary code execution vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the Amavis scanner processes Excel attachments using the Perl Spreadsheet::ParseExcel library. The library's Utility.pm contains an...

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

CVE-2026-33633 Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

CVE-2026-8388

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...

EUVD-2026-30965

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

CVE-2026-8604

CVE-2026-8604 concerns ScadaBR 1.2.0 and is described as a CSRF vulnerability that could allow an attacker to trigger any authenticated action via a victim’s session by convincing a logged-in user to visit a malicious page. The available sources confirm the affected software and the underlying is...

EUVD-2026-30959

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

WordPress All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by 0x61626390 in WordPress Plugin All In One SEO Pack versions = 4.9.7...

Cross-site Scripting (XSS)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the victim's browser...

Cross-site Scripting (XSS)

Overview @haxtheweb/iframe-loader is an Adds a loading indicator for iframes. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...

Advisory ROSA-SA-2026-3285

software: vim 9.2.0321 WASP: ROSA-CHROME unaffected versions = vim-9.2.0321-1 affected versions vim-9.2.0321-1 CVE-ID: CVE-2026-33412 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A command injection vulnerability in the Vim text editor allows an attacker to execute arbitrary shell commands via a...

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE-2026-8975

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox...

cpython: wsgiref.headers.Headers allows header newline injection in Python

Missing newline filtering has been discovered in Python. User-controlled header names and values containing newlines can allow injecting HTTP headers...