Lucene search

8 matches found

Github Security Blog
• added 2026/05/19 7:54 p.m. • 8 views

Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
• added 2026/03/12 6:22 p.m. • 25 views

CVE-2026-32231 ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields sender, chatid from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled authtoken: None, an...

CVSS 8.2 | EPSS 0.00049
Exploits: 1 | References: 4
EUVD
• added 2026/03/12 4:36 p.m. • 2 views

EUVD-2026-11667

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data...

CVSS 8.2 | AI score 5.8 | EPSS 0.00049
Exploits: 1 | References: 4
Github Security Blog
• added 2026/03/12 4:36 p.m. • 3 views

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

Summary The generic webhook channel trusts caller-supplied identity fields sender, chatid from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled authtoken: None, an attacker who can reach POST /webhook can spoo...

CVSS 8.2 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
• added 2025/10/03 8:7 p.m. • 3 views

EUVD-2023-32227

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.0005
Exploits: 0 | References: 1
Vulnrichment
• added 2023/09/05 6:24 a.m. • 6 views

CVE-2023-28560 Buffer Copy Without Checking Size of Input in WLAN HAL

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload...

CVSS 7.8 | AI score 7.9 | EPSS 0.00026
Exploits: 0 | References: 1
Positive Technologies
• added 2023/09/04 12:0 a.m. • 3 views

PT-2023-21806 · Wlan Fw · Wlan Fw

Name of the Vulnerable Software and Affected Versions: WLAN FW affected versions not specified Description: The issue is related to memory corruption in WLAN FW when processing command parameters from untrusted WMI payload. Recommendations: At the moment, there is no information about a newer...

CVSS 7.8 | AI score 7.2 | EPSS 0.00059
Exploits: 0 | References: 4
RedHat Linux
• added 2021/12/14 9:31 p.m. • 5 views

nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties

A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 9.1 | AI score 7.2 | EPSS 0.14515
Exploits: 2 | References: 4