3355 matches found
OSV-2026-176 Container-overflow in std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479922666 Crash type: Container-overflow READ Crash state: std::1::vector, std:: void std::1::vector, fillcommonheader...
PT-2026-6481
Summary A Prototype Pollution vulnerability exists in the the npm package locutus 2.0.12. Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...
Semantics-Preserving Evasion of LLM Vulnerability Detectors
LLM-based vulnerability detectors are increasingly deployed in security-critical code review, yet their resilience to evasion under behavior-preserving edits remains poorly understood. We evaluate detection-time integrity under a semantics-preserving threat model by instantiating diverse...
CVE-2026-25126
PolarLearn prior to version 0-PRERELEASE-15 is vulnerable in the vote API at POST /api/v1/forum/vote, where the request body field direction is not validated at runtime. This allows sending arbitrary strings; downstream VoteServer treats any non-up and non-null value as a downvote and stores the ...
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-75728 CVE-2025-68119 affecting package golang for versions less than 1.25.6-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-78939 CVE-2025-68119 affecting package golang 1.25.7-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-75698 CVE-2025-68119 affecting package golang for versions less than 1.24.12-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-75639 CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
UBUNTU-CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
EUVD-2025-206446
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119
CVE-2025-68119 describes local code execution and arbitrary-file writes when downloading/building modules with malicious version strings in environments where external VCS tools are present. Specifically: on systems with Mercurial (hg), downloading modules from non-standard sources (e.g., custom ...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Go Vulnerability Report: Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g...
GO-2026-4338 Unexpected code execution when invoking toolchain in cmd/go
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...