CVE-2026-4739

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK ‎Modules/ThirdParty/Expat/src/expat modules.This issue affects ITK: before 2.7.1...

CVE-2026-4738

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0...

CVE-2026-4737

CVE-2026-4737 is a Use-After-Free in No-Chicken Echo-Mate affecting the SDK/rv1106-sdk/sysdrv/source/kernel/mm modules, specifically in rmap.C. Affected: Echo-Mate prior to version V250329. Root cause: memory management issue in the mm components. CVSS metrics indicate LOCAL attack vector, HIGH i...

CVE-2026-4736 Math Issue in No-Chicken/Echo-Mate

Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H‎, nftbyteorder.C‎, nftmeta.C‎. This issue affects Echo-Mate: before V250329...

CVE-2026-4736

Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H‎, nftbyteorder.C‎, nftmeta.C‎. This issue affects Echo-Mate: before V250329...

CVE-2026-4736

CVE-2026-4736 affects No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). Affected files: nf_tables.H, nft_byteorder.C, nft_meta.C. Root cause is Improper Handling of Values in the netfilter modules. Impact is indicated as high for confidentiality, integrity,...

CVE-2026-4732

Out-of-bounds Read vulnerability in tildearrow furnace ‎extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7...

CVE-2026-4731

The CVE-2026-4731 issue is an Integer Overflow or Wraparound vulnerability in ART’s artraweditor (rtengine) modules, tied to the dcraw.C file. Affected software is ART versions before 1.25.12. Documented impact indicates potential instability, with high-severity metrics (CRITICAL) and local attac...

CVE-2026-4731

Integer Overflow or Wraparound vulnerability in artraweditor ART ‎rtengine‎ modules. This vulnerability is associated with program files dcraw.C. This issue affects ART: before 1.25.12...

PT-2026-27316

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.11.0 Description A flaw exists in OSGeo gdal related to improper restriction of operations within the bounds of a memory buffer. This issue is located in the frmts/zlib/contrib/infback9 modules, specifically with...

PT-2026-27326

Out-of-bounds Write vulnerability in timeplus-io proton base/poco/Foundation/src‎ modules. This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16...

PT-2026-27309

Name of the Vulnerable Software and Affected Versions ART versions prior to 1.25.12 Description An integer overflow or wraparound issue exists in the ART raw image editor’s rtengine modules, specifically related to the dcraw.C program file. This can potentially lead to unexpected behavior or...

D-Link DIR-825和D-Link DIR-825R 操作系统命令注入漏洞

D-Link DIR-825 and D-Link DIR-825R are products of D-Link Corporation from China. The D-Link DIR-825 is a router, while the D-Link DIR-825R is a wireless router. Both models, D-Link DIR-825 and D-Link DIR-825R, in their version 1.0.5/4.5.1, have a vulnerability related to operating system command...

PT-2026-27325

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

GO-2026-4786 Mattermost fails to validate user's authentication method when processing account auth type switch in github.com/mattermost/mattermost-server

Mattermost fails to validate user's authentication method when processing account auth type switch in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

GO-2026-4749 Mattermost fails to validate team-specific upload_file permissions in github.com/mattermost/mattermost-server

Mattermost fails to validate team-specific uploadfile permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...

GO-2026-4744 Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

websec-audit

🔐 websec-audit Professional Web Security Audit Framework...

Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...