Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the WebSocket process. An attacker can cause the server to crash and disrupt service availability for all users by sending a specially crafted binary WebSocket message to the public endpoin...

CVE-2026-39869

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file...

GHSA-9H64-2846-7X7F Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

CVE-2026-7611 TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

CVE-2026-7611 TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`

Arbitrary code execution in guest via memory safety failure in sysread In affected versions of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute...

RHEL 8 / 9 : OpenShift Container Platform 4.12.74 (RHSA-2025:2443)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2443 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

SolarWinds advanced cyberattack: What happened and what to do now

We learned more about the sophisticated attack first disclosed on December 8 when security firm FireEye reported it had been the victim of a state-sponsored adversary that stole Red Team assessment tools. On December 13 there was a new development when IT company SolarWinds announced it had been...