12995 matches found

CVE
added 2026/03/02 12:0 a.m. | 7 views

CVE-2026-24114

The CVE-2026-24114 issue affects Tenda W20E (V4.0br_V15.11.0.6). The vulnerability stems from failure to validate the pPortMapIndex, which may cause buffer overflows when strcpy is used. Documented impact is buffer overflow; no further exploit details or conditions are provided in the supplied pa...

CVSS 9.8 | AI score 6.1 | EPSS 0.00029
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/03/02 12:0 a.m. | 8 views

CVE-2026-24108

The CVE-2026-24108 vulnerability affects Tenda W20E devices in version V4.0br_V15.11.0.6. The root cause is a buffer overflow triggered when an attacker-controlled value (nptr) is passed to getMibPrefix and concatenated via sprintf without proper size validation. This could allow an overflow, lea...

CVSS 9.8 | AI score 6.2 | EPSS 0.00082
Exploits: 1 | References: 2 | Affected Software: 1

HackRead
added 2026/03/01 9:19 p.m. | 15 views

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Fake Xeno and Roblox gaming tools are spreading a Windows RAT (remote access trojan) using PowerShell and LOLBins, Microsoft Threat Intelligence warns...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/03/01 1:43 a.m. | 3 views

CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $_REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

CVSS 9.8 | AI score 6 | EPSS 0.00325
Exploits: 1 | References: 1

OSV
added 2026/03/01 12:0 a.m. | 1 views

ASB-A-435737668

Bulletin has no description...

AI score 5.7
Exploits: 0

ATTACKERKB
added 2026/02/28 9:47 p.m. | 4 views

CVE-2026-28557

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

CVSS 7.1 | AI score 6 | EPSS 0.00037
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/28 4:48 p.m. | 3 views

MAL-2026-1089 Malicious code in randomstringgen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9fc95ea566ad1938f7f75123eee2d8b3365bf55f06d7aa8a5f569f5e4c696132 Using the provided function results in exfiltrating the current running file likely the user's script to the hardcoded location. --- Category: MALICIOUS - The...

AI score 6
Exploits: 0 | References: 1

Veracode
added 2026/02/28 5:14 a.m. | 4 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to an attacker crafting a PDF with unusually large values in the /ToUnicode entry of a font, where parsing this entry leads to long runtimes and large memory consumption, and how attackers can exploit it by using this vulnerabilit...

CVSS 6.9 | AI score 5.3 | EPSS 0.00006
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/02/27 9:16 p.m. | 2 views

DEBIAN-CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 5.3 | AI score 5.3 | EPSS 0.00019
Exploits: 0 | References: 1

NVD
added 2026/02/27 9:16 p.m. | 5 views

CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 6.9 | EPSS 0.00019
Exploits: 0 | References: 4

Debian CVE
added 2026/02/27 8:59 p.m. | 4 views

CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00019
Exploits: 0

ATTACKERKB
added 2026/02/27 8:12 p.m. | 2 views

CVE-2026-3255

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

CVSS 6.5 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 5

Cvelist
added 2026/02/27 8:12 p.m. | 21 views

CVE-2026-3255 HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epo...

EPSS 0.00019
Exploits: 0 | References: 4

OSV
added 2026/02/27 6:16 p.m. | 2 views

CVE-2026-21619

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

CVSS 2 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 4

EUVD
added 2026/02/27 5:57 p.m. | 4 views

EUVD-2026-9037

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

CVSS 2 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 4

Snyk
added 2026/02/27 4:29 p.m. | 4 views

Malicious Package

Overview @dgxeon/libsignal-node is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

Snyk
added 2026/02/27 4:29 p.m. | 2 views

Malicious Package

Overview dgxeon-soket2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

Snyk
added 2026/02/27 4:13 p.m. | 1 views

Malicious Package

Overview @skyzopedia/baileys-pro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

The Hacker News
added 2026/02/27 10:6 a.m. | 7 views

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named...

AI score 6.5
Exploits: 0

RedhatCVE
added 2026/02/27 4:13 a.m. | 4 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 1