CVE-2026-45302 Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

CVE-2026-45302

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

OPENSUSE-SU-2026:20857-1 Security update for mapserver

This update for mapserver fixes the following issues: Changes in mapserver: - Update to releasee 8.6.3 SLD parser: fix out of bounds access on SLD with only a Rule with a ElseFilter but without a symbolizer CVE-2026-33721, boo1260869 CVE-2026-45104, boo1266663...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This...

Advisory ROSA-SA-2026-3301

Component: libconfuse 3.3 Operating System: ROSA-CHROME Unaffected versions: = libconfuse-3.3-3 Affected versions: libconfuse-3.3-3 CVE-ID: CVE-2022-40320 BDU-ID: 2022-05795 CVE-Crit: LOW CVE-DESC.: The vulnerability in the cfgtildeexpand function of the configuration file parser library libConfu...

Security update for wireshark

This update for wireshark fixes the following issues CVE-2026-5401: AFP dissector crash bsc1263756. CVE-2026-5403: SBC audio codec crash bsc1263765. CVE-2026-5404: K12 RF5 file parser crash bsc1263766. CVE-2026-5405: RDP dissector crash bsc1263767. CVE-2026-5406: FC-SWILS dissector crash...

DEBIAN-CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

UBUNTU-CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVE-2026-10232

Technical details about CVE-2026-10232 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-10232 Assimp ASE File scene.cpp ~aiNode use after free

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVE-2026-10232 Assimp ASE File scene.cpp ~aiNode use after free

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

EUVD-2026-33565

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

EUVD-2026-33522

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

Assimp resource management error vulnerability

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained a resource management vulnerability. This vulnerability stemmed from a issue with the ASE File Parser component in the scene.cpp...

PT-2026-45276

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

PUB-A-481652714

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...