221 matches found
CVE-2026-41858
Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...
CVE-2026-44633
Live Helper Chat 4.84v REST API chat update endpoint is vulnerable: a REST user with lhchat/use can update a chat in a department they cannot read, accepting arbitrary chat object fields to alter hash and status and potentially tamper via visitor/widget paths. The same write primitive can set ope...
GHSA-QG8R-F7X3-25F7 imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling
A bounds check was performed in floating point before a cast to the index passed to an unchecked access function. This check considered NaN cases improperly, causing them to pass the check instead of failing it. The floating point coordinate is under caller control by passing a selected...
Axios: Header Injection via Prototype Pollution
Summary: A prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders,...
DrvEye
drivertool A static-analysis & exploitation-triage toolkit...
EUVD-2026-25796
Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...
denuOwO-hypervisor-vulnerabilities
DenuOwO SVM/VMX Hypervisor — 6 Vulnerabilities PoC + Analysis...
BinExploit-Bench
BinExploit-Bench: Binary Exploitation Capability Benchmark for...
CVE-2026-39370
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...
Exploit for Out-of-bounds Read in Microsoft
CVE-2025-60709...
TraceGuard: Process-Guided Firewall against Reasoning Backdoors in Large Language Models
The deployment of Large Reasoning Models (LRMs) in high-stakes decision-making pipelines has introduced a novel and opaque attack surface: reasoning backdoors. In these attacks, the model's intermediate Chain-of-Thought (CoT) is manipulated to provide a linguistically plausible but logically fallacio...
CVE-2026-27007
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...
Use of a Cryptographic Primitive with a Risky Implementation
Overview: Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the HelloChrome120, HelloChrome120PQ, HelloChrome131 and HelloChrome133 symbols due to inconsistent ciphersuite selection between the outer ClientHello and ECH for GREASE...
CLSA-2026-1771004705 Fix CVE(s): CVE-2025-68168, CVE-2025-69204
SECURITY UPDATE: stack overflow via deeply nested MSL/SVG elements - debian/patches/CVE-2025-68168.patch: add recursion depth checking in MSLStartElement and SVGStartElement to prevent stack exhaustion - CVE-2025-68168 SECURITY UPDATE: integer overflow in SVG PathPrimitive processing -...
CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping
Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...
Use of a Cryptographic Primitive with a Risky Implementation
Overview: org.webjars.npm:elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript. Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the incorrect computation of the byte-length of k value with leadin...
Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.
A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...
Uncontrolled Recursion
Overview: Magick.NET-Q16-OpenMP-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...