CVE-2026-7453 WRL File Parsing Memory Exhaustion in Autodesk 3ds Max

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

EUVD-2026-31911

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2026-7451 TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month

Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code...

CVE-2026-9544

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

Exploit for OS Command Injection in Olivetin

cve-2025-50946 Exploit script for CVE-2025-50946...

CVE-2026-9544

CVE-2026-9544 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. An unknown functionality in the file /api/Dinner/PayConfig is vulnerable: manipulating the argument tableno enables SQL injection. The issue can be exploited remotely and the exploit is public. Vendo...

Malicious Package

Overview @izumiswap/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

RHSA-2026:20586 Red Hat Security Advisory: thunderbird security update

Bulletin has no description...

MAL-2026-4795 Malicious code in massive (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...

BELL-CVE-2026-43498 CVE-2026-43498 does not affect BellSoft software

Bulletin has no description...

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore aka Screening Serpens and UNC1549 has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli...

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

CVE-2026-8631

A flaw was found in HP Linux Imaging and Printing Software HPLIP. This vulnerability, caused by an integer overflow in the hpcups processing path, occurs when the software handles specially crafted print data. A successful exploit could lead to arbitrary code execution or escalation of privileges...

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...

NVIDIA vGPU Software 资源管理错误漏洞

NVIDIA vGPU Software is a management software developed by NVIDIA Corporation in the United States, designed to provide GPU capabilities for virtual machines. This software enables multiple virtual machines to access the host’s GPU, thereby providing graphics performance and application...

Autodesk 3ds Max 安全漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max. This vulnerability arises from the possibility of memory corruption during the parsing of specially crafted WRL files. Malicious actors may exploit...

WORM vfs module does not block overwrites

Description The vfsworm module is intended to make files immutable over SMB a short time after they are created. The time window in which they are writable is configurable, defaulting to one hour. The hook that handles renames was checking that the file being renamed was still mutable, but it was...