
31051 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 5 views

Linbit csync2 security vulnerability

Linbit csync2 is a cluster synchronization tool developed by the Austrian company Linbit. It is primarily used to keep files synchronized across multiple hosts within a cluster. Linbit csync2 has a security vulnerability that stems from the use of insecure temporary directories during compilation...

5.1 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2026/05/12 11:28 p.m. | 6 views

freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...

7.5 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 1 | References: 12
Github Security Blog
added 2026/05/12 10:22 p.m. | 4 views

esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

Summary: A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details: The vulnerable...

7.5 CVSS | 6 AI score | 0.00057 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/05/12 10:22 p.m. | 1 views

GHSA-RG65-45M7-HQ57 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

Summary: A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details: The vulnerable...

7.5 CVSS | 6 AI score | 0.00057 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/12 9:51 p.m. | 5 views

CVE-2026-42545 Granian: DoS via WSGI response header panic

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

5.9 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/12 9:51 p.m. | 14 views

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. Vulnerable from 0.2.0 up to 2.7.4, where the WSGI response conversion path uses .unwrap() on header name and value constructors; malformed headers trigger a worker process abort instead of handling the error. This results in a Denial of Servi...

5.9 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/12 9:31 p.m. | 9 views

EUVD-2026-29751

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/12 9:31 p.m. | 7 views

EUVD-2026-29750

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/05/12 9:20 p.m. | 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation: Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/shim to version 0.1.2 or...

6.7 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/05/12 9:20 p.m. | 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation: Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/util to version 0.1.2 or...

6.7 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/12 8:21 p.m. | 6 views

CVE-2026-28940

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing a maliciously crafted image may corrupt process memory...

8.8 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/12 8:21 p.m. | 4 views

CVE-2026-28905

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling. Mitigation: Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4:...

8.8 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/05/12 8:21 p.m. | 6 views

CVE-2026-28917

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3 CVSS | 5.8 AI score | 0.00166 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/12 8:21 p.m. | 8 views

CVE-2026-28944

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.5 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/12 8:16 p.m. | 5 views

CVE-2026-23824

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5 CVSS | 0.00044 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/12 6:51 p.m. | 10 views

CVE-2026-23824

CVE-2026-23824 affects the protocol-handling component of AOS-8 and AOS-10 operating systems. An unauthenticated attacker can send specially crafted network messages to the affected service, exploiting insufficient input validation to terminate a critical system process and cause a denial-of-serv...

7.5 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/12 6:51 p.m. | 29 views

CVE-2026-23824 Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Component

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5 CVSS | 0.00044 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/05/12 6:30 p.m. | 6 views

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI through 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8 CVSS | 6.3 AI score | 0.00378 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/05/12 6:21 p.m. | 2 views

MAL-2026-3615 Malicious code in ai-spellcheckers (PyPI)

Source: kam193 (205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9). Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

6 AI score
Exploits: 0 | References: 3
NVD
added 2026/05/12 6:17 p.m. | 8 views

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

6.2 CVSS | 0.00043 EPSS
Exploits: 0 | References: 1