PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

SQL Injection

Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...

EUVD-2026-11744

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry

Summary A crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. In affected versions, the ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a...

CVE-2026-32630 file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer, fileTypeFromBlob, or fileTypeFromFile. The ZIP inflate output limit is enforced for...

EUVD-2026-11645

Poseidon V1 variable-length input collision via implicit zero-padding...

GHSA-G2P6-HH5V-7HFM Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

Poseidon V1 variable-length input collision via implicit zero-padding

Impact Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ..., mk, 0 because both produce identical pre-permutation states. This affects any use of PoseidonSpong...

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerabilit...

CVE-2026-32322 soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

CVE-2026...

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

CVE-2026-3904

A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x8664 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service...

soroban-poseidon 安全漏洞

Soroban-Poseidon is a Poseidon hash function library developed by Stellar for smart contracts. Soroban-Poseidon has a security vulnerability, which stems from Poseidon V1 accepting variable-length inputs without using injective padding, potentially leading to simple hash collisions...

PT-2026-25085

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

CVE-2026-31975

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.25.0, OS Command Injection via WebSocket Shell. Both projectPath and initialCommand in server/index.js are taken directly from the WebSocket message payload and interpolated into...