CVE-2026-2500

The Quick Playground WordPress plugin vulnerability (

CVE-2026-47332

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

CVE-2026-48111

CVE-2026-48111 affects 7-Zip versions 9.21 through 26.00. The vulnerability is an off-by-one out-of-bounds read in the UEFI firmware image parser (ParseDepedencyExpression in UefiHandler.cpp). The code validates an opcode with > instead of >= against a 10-entry static array, allowing an opc...

EUVD-2026-34051

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

CVE-2026-0076

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10267

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

PUB-A-481300795

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcpserver/adapters/clitools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

CVE-2026-45615

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

OESA-2026-2509 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

CVE-2025-41278

The CVE-2025-41278 entry concerns Nozomi Networks’ Waterfall WF-500 RX Host (version 7.10.0.0 R2601141040). A CWE-125 Out-of-bounds Read vulnerability exists in the RX Host’s handling, enabling code execution on the RX Host by an attacker who has access to the TX Host. The description indicates t...

Linux Distros Unpatched Vulnerability : CVE-2026-9953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory v...

Linux Distros Unpatched Vulnerability : CVE-2026-9895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a...

CVE-2026-9908

Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-39929

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

EUVD-2026-33019

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

CVE-2026-24196

NVIDIA GPU Display Driver for Linux contains a vulnerability (CVE-2026-24196) that could allow an out-of-bounds read, potentially leading to denial of service and information disclosure. Affected product: NVIDIA Linux display driver; root cause: out-of-bounds read in the driver. Impact: denial of...

CVE-2026-9530 GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read2004compressedsection of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made...

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

PT-2026-43270

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An out-of-bounds read exists in the NetFlow v9 data flowset processor within the src/netflow plugin/netflow v9 collector.cpp file. The Data template branch iterates over flow...