10 matches found
CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
MAL-2026-3163 Malicious code in npm-global-util (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services: authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
EUVD-2026-12176
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
PT-2026-25397
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...
PT-2026-22401
Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.11. Description: Indico, an event management system utilizing Flask-Multipass, contains a flaw in the API endpoint responsible for managing event series. This endpoint lacks a necessary access check, potentially...
EUVD-2021-16074
Malware in sbrugna...
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
...
DENX U-Boot buffer error vulnerability
DENX U-Boot is a content management system. A security vulnerability exists in versions prior to DENX U-Boot v2022.07, which stems from a flaw in the metadata read process, and U-Boot's squash file system contains a heap-based buffer overflow vulnerability...
php: Information disclosure in exif_read_data()
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure o...
php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
An out-of-bounds read has been found in PHP when the function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash...