CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

ROS-20260512-73-0011

Vulnerability in hdf5 related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

catalystcoop-ferc-xbrl-extractor (>=0.6.1 <=0.8.4), catalystcoop-pudl (>=2022.11.30 <=2022.11.30.post1) +1 more potentially affected by CVE-2026-42796 via arelle-release (>=2.10.8 <=2.2.4)

arelle-release PYPI version =2.10.8, =0.6.1, =2022.11.30, =0.6.1, =0.7.0rc1 Source cves: CVE-2026-42796 Source advisory: SNYK:PYTHON-ARELLERELEASE-16635954...

Huawei HarmonyOS multi-mode input system double release vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-release vulnerability exists in the Huawei HarmonyOS multi-mode input system, which can be exploited by an attacker to cause an availability impact...

mercure 安全漏洞

Mercure is a real-time data delivery protocol and server implementation developed by Kévin Dunglas as an individual project. Versions of Mercure prior to 0.22.0 contained security vulnerabilities. These vulnerabilities were caused by conflicts in cache keys within the TopicSelectorStore, which...

Linux kernel double release vulnerability (CNVD-2026-16036)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a double-release vulnerability, which stems from the bsgdone function resulting in a double-release that can be exploited by an attacker to cause the...

EUVD-2026-17221

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained security vulnerabilities. These vulnerabilities stemmed from data pointers in the xfAppUpdateWindowFromSurface cache pointing to XImage in the RDP GFX surface buffer...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Missing Release of Resource after Effective Lifetime

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Microsoft Windows 后置链接漏洞

Microsoft Windows is an operating system used on personal devices by the American company Microsoft. Microsoft Windows has a post-release vulnerability. Attackers can exploit this vulnerability to gain higher privileges...

ROS-20260128-73-0042

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260128-73-0049

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

vlt security vulnerabilities

Vlt is a code repository open-sourced by Vlt. Versions of Vlt prior to 1.0.0-rc.10 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the tar path cleanup, which could lead to path traversal during extraction...

Huawei HarmonyOS Multimode Input Module Double Release Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-release vulnerability exists in the Huawei HarmonyOS multimode input module, which can be exploited by an attacker to cause input functionality to b...

CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

Huawei HarmonyOS/EMUI Post-Release Reuse Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A post-release...