81976 matches found

Vulnrichment
added 2026/04/21 8:35 p.m. | 1 views

CVE-2026-22017

...

CVSS 6.5 | AI score 5.7 | EPSS 0.00046
Exploits: 0 | References: 1

Snyk
added 2026/04/21 8:0 p.m. | 4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 2.9 | AI score 7.3 | EPSS 0.00022
Exploits: 0 | References: 2

Snyk
added 2026/04/21 8:0 p.m. | 2 views

Cleartext Transmission of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Kerberos credentialing. An attacker can intercept sensitive information by capturing unencrypted credentials during transmission. Remediation: A fix was pushed into the master branch...

CVSS 6 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | References: 2

Snyk
added 2026/04/21 8:0 p.m. | 3 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Arena memory allocation. An attacker can cause unintended modification of data by providing specially crafted input that manipulates memory allocation boundaries. Remediation: A fix was pushed into the...

CVSS 6.3 | AI score 7.2 | EPSS 0.00038
Exploits: 0 | References: 2

Chainguard
added 2026/04/21 7:17 p.m. | 3 views

GHSA-CJC8-G9W8-CHFW vulnerabilities

Vulnerabilities for packages: imagemagick...

AI score 5.7
Exploits: 0

Chainguard
added 2026/04/21 7:17 p.m. | 3 views

CVE-2025-62594 vulnerabilities

Vulnerabilities for packages: imagemagick...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 1

Github Security Blog
added 2026/04/21 6:51 p.m. | 6 views

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace...

CVSS 10 | AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 3 | Affected Software: 1

HackRead
added 2026/04/21 5:31 p.m. | 6 views

Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns

Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems...

AI score 5.8
Exploits: 0

CVE
added 2026/04/21 3:15 p.m. | 10 views

CVE-2025-41011

CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...

CVSS 6.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/04/21 11:25 a.m. | 78 views

Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System

CVE-2024-2997 Scanner ...

CVSS 5.4 | AI score 5.8 | EPSS 0.0579
Exploits: 6

OSV
added 2026/04/21 12:16 a.m. | 2 views

OSV-2026-605 Heap-buffer-overflow in DwaCompressor_uncompress

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155 Crash type: Heap-buffer-overflow WRITE Crash state: DwaCompressor_uncompress internal_exr_undo_dwaa exr_uncompress_chunk...

AI score 5.3
Exploits: 0 | References: 1

OSV
added 2026/04/21 12:5 a.m. | 3 views

OSV-2026-603 UNKNOWN READ in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504268343 Crash type: UNKNOWN READ Crash state: ::calluncheckedraw::::callimpldocall:: wasmtimeinternalfiber::stackswitch::x8664::wasmtimefiberstart...

AI score 5.7
Exploits: 0 | References: 1

CNNVD
added 2026/04/21 12:0 a.m. | 5 views

PHP Point of Sale Cross-Site Scripting Vulnerability

PHP Point of Sale is an online sales point system for small retail businesses managed by PHP Point of Sale Inc. Version PHP Point of Sale v19.4 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the start_date_formatted and end_date_formatted...

CVSS 6.1 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 1

FreeBSD
added 2026/04/21 12:0 a.m. | 4 views

Mozilla -- Other issue in the JavaScript Engine component

https://bugzilla.mozilla.org/show_bug.cgi?id=2023343 reports: Other issue in the JavaScript Engine component...

CVSS 5.3 | AI score 5.2 | EPSS 0.00104
Exploits: 0 | References: 1

FreeBSD
added 2026/04/21 12:0 a.m. | 7 views

Mozilla -- Incorrect boundary

https://bugzilla.mozilla.org/show_bug.cgi?id=2027501 reports: Incorrect boundary conditions in the WebRTC component...

CVSS 7.3 | AI score 5.2 | EPSS 0.00063
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/21 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013363 advisory. In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del_timer_sync must...

AI score 5.9 | EPSS 0.0007
Exploits: 0 | References: 4

FreeBSD
added 2026/04/21 12:0 a.m. | 3 views

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/show_bug.cgi?id=2013619 reports: Use-after-free in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 5.2 | EPSS 0.00057
Exploits: 0 | References: 1

FreeBSD
added 2026/04/21 12:0 a.m. | 10 views

Mozilla -- Privilege escalation in the Debugger component

https://bugzilla.mozilla.org/show_bug.cgi?id=2023753 reports: Privilege escalation in the Debugger component...

CVSS 8.8 | AI score 5.2 | EPSS 0.00048
Exploits: 0 | References: 1

FreeBSD
added 2026/04/21 12:0 a.m. | 3 views

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/show_bug.cgi?id=2027541 reports: Use-after-free in the JavaScript Engine component...

CVSS 7.5 | AI score 5.2 | EPSS 0.00069
Exploits: 0 | References: 1

Tenable Nessus
added 2026/04/21 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013345)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013345 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this...

AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 4