CVE-2026-10233

A flaw was found in Assimp, within its Half-Life 1 MDL Loader component. A local attacker could exploit an out-of-bounds read vulnerability by manipulating specific input. This could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either not available or t...

CVE-2026-45446

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

CVE-2026-34183

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

CVE-2026-10231

A flaw was found in Assimp, a library for importing various 3D model formats. A local attacker could exploit a heap-based buffer overflow vulnerability in the Half-Life 1 MDL Loader component. By manipulating a specific argument, an attacker could cause the application to crash, leading to a deni...

CVE-2026-48524

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. A remote attacker can exploit this vulnerability by sending specially crafted JWTs with unknown 'kid' key ID values. This can force the PyJWKClient.getsigningkey function to make an unlimited number of unrate-limit...

CVE-2026-8647

A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...

CVE-2026-35193

A flaw was found in Django. This vulnerability allows a remote attacker to read private cached responses. This occurs because the UpdateCacheMiddleware in Django does not correctly add the Authorization header to the Vary response header for requests that include an Authorization header but lack...

CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

CVE-2026-50031

A flaw was found in FreeIPMI. Specifically, the ipmi-oem client command, which implements Intelligent Platform Management Interface IPMI OEM commands, contains exploitable buffer overflows. A remote attacker could exploit these vulnerabilities by sending specially crafted response messages to the...

CVE-2026-44579

A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...

CVE-2026-44574

A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...

CVE-2026-7210

A flaw was found in the python and expat components. Insufficient entropy in the hash-flooding protection mechanism of xml.parsers.expat and xml.etree.ElementTree allows a remote attacker to craft a malicious XML document. This crafted document can trigger a hash flooding attack, leading to a...

CVE-2026-43868

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

CVE-2026-45157

A flaw was found in Nextcloud Server. A malicious user with access to a file share could exploit this vulnerability by using the share token to directly access the chunking upload process. This allows the attacker to view temporary part files during ongoing uploads, leading to information...

CVE-2026-10199

A flaw was found in Assimp. A local attacker could trigger a null pointer dereference by manipulating an argument in the glTF2::LazyDict function. This vulnerability, located in the glTF2Asset.h library, could lead to an application crash, resulting in a denial of service DoS. Mitigation Mitigati...

CVE-2026-10198

A flaw was found in Assimp, specifically within the glTFImporter component. A local attacker could exploit a null pointer dereference vulnerability in the Assimp::glTFImporter::ImportMeshes function. This could lead to a denial of service DoS by causing the application to crash. Mitigation...

CVE-2026-45285

A flaw was found in Nextcloud. When a user shares a folder or file with a Nextcloud Team that includes an external member, the system automatically generates a public link for that external member. This link, which is not visible to the folder owner, grants the same permissions as the Team's...

CVE-2026-45690

A flaw was found in Nextcloud Server. This vulnerability allows a remote attacker, with knowledge of a user's password, to bypass two-factor authentication 2FA protections. When a user attempts to log in with valid credentials on a 2FA-enabled account, a temporary session token is generated befor...

CVE-2026-10230

A flaw was found in Assimp, specifically within the Half-Life 1 MDL Loader component. A local attacker could exploit a heap-based buffer overflow vulnerability in the readanimations function of HL1MDLLoader.cpp. This could lead to information disclosure, denial of service, or potentially arbitrar...