127 matches found
EUVD-2026-10152
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, the configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to...
CVE-2026-29075 Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...
GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive
Vulnerability: Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary (CWE-22). Attack Vectors: 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths (for example /etc/passwd) and read files accessible to the...
CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying...
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
PT-2026-5027
Name of the Vulnerable Software and Affected Versions: RAGFlow versions prior to 0.23.1. Description: RAGFlow, an open-source RAG (Retrieval-Augmented Generation) engine, contains a “Zip Slip” issue in the MinerU parser. This allows an attacker to overwrite arbitrary files on the server, potentially...
CVE-2026-22698
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2025-14174 Analysis: ANGLE Metal Staging Buffer Out-of-Bou...
Linux Distros Unpatched Vulnerability : CVE-2025-68696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow thi...
CVE-2025-68696
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...
CVE-2025-65957
Core Bot (open-source Discord bot for maple hospital servers) contained an information-disclosure vulnerability prior to commit dffe050, where API keys (SUPABASE_API_KEY, TOKEN) loaded from environment variables could be exposed in configuration summaries, logs, or embeds due to incomplete redact...
CVE-2025-64524
cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...
EUVD-2025-198229
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...
CVE-2025-65100 Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...
sqls-server/sqls is vulnerable to command injection in the config command
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability
Patch: This is fixed with commit b953092, with the fix available in OpenUSD 25.11 and onwards. Summary: We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrati...
EUVD-2021-24192
Malware in sbrugna...
EUVD-2024-30655
Malicious code in bioql PyPI...
EUVD-2023-53276
Malicious code in bioql PyPI...