CVE-2026-4016

CVE-2026-4016 affects GPAC 26.03-DEV; the vulnerability is in svgin_process within src/filters/load_svg.c of the SVG Parser, causing an out-of-bounds write. Local access is required, and the exploit has been publicly disclosed. The patch identifier is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2, wit...

EUVD-2026-11489

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

CVE-2026-3965

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

PT-2026-24918

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js iterator concat return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name:...

CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

CVE-2026-3949

CVE-2026-3949 — libheif (up to 1.21.2) has a vulnerability in the HEIF File Parser component. The issue is in the function vvdec_push_data2 (libheif/plugins/decoder_vvdec.cc), where manipulating the argument size can cause an out-of-bounds read . The vulnerability requires local access to exploit...

CVE-2026-3789

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

CVE-2026-20430

In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151...

CVE-2025-15597 Dataease SQLBot API Endpoint assistant.py access control

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

PT-2026-22289

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan string of the file src/be lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name:...

CVE-2026-3185

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

EUVD-2026-8779

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...

EUVD-2026-8610

A vulnerability was found in libvips up to 8.18.0. This affects the function vipsforeignloadcsvbuild of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vipsforeignloadcsvbuild of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVE-2026-3145

A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is...

PT-2026-21863

A vulnerability was found in libvips up to 8.18.0. This affects the function vips foreign load csv build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The pat...

PT-2026-21378

Name of the Vulnerable Software and Affected Versions janet-lang versions prior to 1.41.0 Description A flaw exists in the janet-lang software, specifically within the janetc varset function located in the src/core/specials.c file, part of the handleattr Handler component. This issue can lead to ...

CVE-2026-2531

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clearfilename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

binutils: GNU Binutils Linker heap-based overflow

A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...