CVE-2026-4541

The CVE-2026-4541 entry concerns janmojzis tinyssh (up to 20250501) with a flaw in the Ed25519 Signature Handler—specifically in tinyssh/crypto_sign_ed25519_tinyssh.c. The issue is described as improper verification of a cryptographic signature in a local-execution scenario, with high attack comp...

CVE-2026-4240 Open5GS CCA smf_s6b_sta_cb denial of service

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smfgxccacb/smfgyccacb/smfs6baaacb/smfs6bstacb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...

CVE-2026-4174 Radare2 Mach-O File mach0.c walk_exports_trie resource consumption

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

UBUNTU-CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

CVE-2026-3395

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

EUVD-2026-8657

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

CVE-2026-2889 CCExtractor mp4.c processmp4 use after free

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/libccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6...

CVE-2026-2241

A denial of service flaw was found in janet-lang. A local attacker can exploit a vulnerability in the osstrftime function by manipulating input, which causes an out-of-bounds read. This issue can lead to a Denial of Service DoS, making the system unresponsive or unavailable. Mitigation Mitigation...

CVE-2026-2240

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetcpopfuncdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be use...

SUSE CVE-2025-15533

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

EUVD-2025-206054

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVE-2025-15155

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function sgpipelinedescdefaults in the library sokolgfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now...

CVE-2025-14909

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to mana...

CVE-2025-14958 floooh sokol sokol_gfx.h _sg_pipeline_common_init heap-based overflow

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function sgpipelinecommoninit in the library sokolgfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The...

EUVD-2025-203309

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

EUVD-2025-33260

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVE-2025-11495 GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elfx8664relocatesection of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

EUVD-2025-24938

Malicious code in bioql PyPI...