Lucene search

524 matches found

Positive Technologies
added 2026/04/02 12:0 a.m. | 1 view

PT-2026-29749

Name of the Vulnerable Software and Affected Versions: LibRaw versions up to 0.22.0. Description: A flaw exists in LibRaw up to version 0.22.0 within the LibRaw::nikon load padded packed raw function located in the src/decoders/decoders libraw.cpp file, related to the TIFF/NEF component. Manipulatio...

CVSS 9.8 | AI score 6 | EPSS 0.00078
Exploits 5 | References 36
CVE
added 2026/03/30 5:0 p.m. | 5 views

CVE-2026-5125

The vulnerability CVE-2026-5125 affects raine consult-llm-mcp up to 2.5.3, specifically the function child_process.execSync in src/server.ts. Manipulating git_diff.base_ref/git_diff.files can lead to OS command injection with local access. A public exploit exists and upgrading to 2.5.4 (patch 4ab...

CVSS 5.3 | AI score 5.8 | EPSS 0.00089
Exploits 0 | References 8
Vulnrichment
added 2026/03/30 4:15 p.m. | 1 view

CVE-2026-5124 osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The...

CVSS 6.3 | AI score 5.2 | EPSS 0.00062
Exploits 0 | References 6
OSV
added 2026/03/27 10:16 p.m. | 1 view

UBUNTU-CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00017
Exploits 0 | References 9
UbuntuCve
added 2026/03/27 10:16 p.m. | 0 views

CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00017
Exploits 0 | References 8
ATTACKERKB
added 2026/03/27 9:27 p.m. | 1 view

CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 8 | Affected Software 1
Debian CVE
added 2026/03/27 9:27 p.m. | 4 views

CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

CVSS 5.3 | AI score 4.7 | EPSS 0.00017
Exploits 0
CVE
added 2026/03/22 12:15 p.m. | 21 views

CVE-2026-4115

PuTTY 0.83 is affected by CVE-2026-4115 in the Ed25519 Signature Handler (eddsa_verify in crypto/ecc-ssh.c). The vulnerability causes improper verification of cryptographic signatures. Exploitation may be performed remotely, but the attack is described as high complexity with low exploitability. ...

CVSS 6.3 | AI score 5.1 | EPSS 0.00015
Exploits 1 | References 9 | Affected Software 1
NVD
added 2026/03/16 2:20 p.m. | 4 views

CVE-2026-4240

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...

CVSS 7.5 | EPSS 0.001
Exploits 1 | References 8
Vulnrichment
added 2026/03/12 12:2 p.m. | 0 views

CVE-2026-4040 OpenClaw File Existence tools.exec.safeBins information exposure

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

CVSS 4.8 | AI score 5.3 | EPSS 0.00019
Exploits 0 | References 7
OSV
added 2026/03/12 9:15 a.m. | 2 views

CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svginprocess of the file src/filters/loadsvg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has...

CVSS 5.3 | AI score 5.2
Exploits 0 | References 7
OSV
added 2026/03/12 9:15 a.m. | 1 view

UBUNTU-CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svginprocess of the file src/filters/loadsvg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has...

CVSS 5.3 | AI score 5.2 | EPSS 0.00019
Exploits 0 | References 9
ATTACKERKB
added 2026/03/11 11:32 p.m. | 1 view

CVE-2026-3965

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 5.3 | EPSS 0.00119
Exploits 0 | References 9 | Affected Software 1
EUVD
added 2026/03/08 6:31 a.m. | 1 view

EUVD-2026-10214

A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gifdecoder.c. Such manipulation of the argument canvasheight leads to integer overflow. Local access is required to approach this attack. The exploit is...

CVSS 5.3 | AI score 5.6 | EPSS 0.00019
Exploits 0 | References 9
OSV
added 2026/03/03 9:31 p.m. | 2 views

GHSA-XC68-RRQC-QGQ3 MCP NMAP Server has an Injection vulnerability

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

CVSS 6.3 | AI score 5.6 | EPSS 0.00376
Exploits 1 | References 9
Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-22539

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

CVSS 5.3 | AI score 5.6 | EPSS 0.00112
Exploits 1 | References 8
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22545

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 6.1 | EPSS 0.00069
Exploits 1 | References 18
CVE
added 2026/02/27 3:2 a.m. | 12 views

CVE-2026-3285

Affected software: berry-lang (up to 1.1.0). Vulnerable component: function scan_string in src/be_lexer.c, where input handling leads to an out-of-bounds read. Impact is local, with confidential data exposure unlikely but integrity/availability unaffected per sources. The exploit has been publicl...

CVSS 7.8 | AI score 4.5 | EPSS 0.00008
Exploits 1 | References 8 | Affected Software 1
Positive Technologies
added 2026/02/27 12:0 a.m. | 4 views

PT-2026-22288

A vulnerability was found in libvips 8.19.0. Impacted is the function vips extract area build of the file libvips/conversion/extract.c. The manipulation of the argument extract area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be...

CVSS 4.8 | AI score 4.7 | EPSS 0.00013
Exploits 2 | References 9
NVD
added 2026/02/25 11:16 p.m. | 2 views

CVE-2026-3209

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...

CVSS 6.5 | EPSS 0.00032
Exploits 0 | References 9