GHSA-8C75-8MHR-P7R9 vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
GHSA-HPPC-G8H3-XHP3 vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
CVE-2026-41677 vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
CVE-2026-41676 vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
GHSA-GHM9-CR32-G9QJ vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
SUSE CVE-2026-31432
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests. When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...
MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks
Model Context Protocol (MCP) is increasingly adopted for tool-integrated LLM agents, but its multi-layer design and third-party server ecosystem expand risks across tool metadata, untrusted outputs, cross-tool flows, multimodal inputs, and supply-chain vectors. Existing MCP benchmarks largely measu...
Infinite loop
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...
CVE-2026-40937
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only (access key + session token), without performing any...
EUVD-2026-24955
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...
CVE-2026-6861
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...
CVE-2026-31438
CVE-2026-31438 affects the Linux kernel netfs code. A BUG occurs in netfs_limit_iter() when processing ITER_KVEC iterators (e.g., during core-dump to 9P), because ITER_KVEC is not dispatched like other supported types. The fix adds netfs_limit_kvec() (paralleling netfs_limit_bvec()) and dispatche...
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...
CVE-2026-6861
CVE-2026-6861 affects GNU Emacs and relates to memory corruption when Emacs processes specially crafted SVG CSS data. A local attacker could entice a user to open a malicious SVG file, which may lead to a denial of service or information disclosure. Public references in the connec...
UBUNTU-CVE-2026-33262
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...
UBUNTU-CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
PowerDNS Recursor (pdns_recursor) code issue vulnerability
PowerDNS Recursor (pdns_recursor) is a domain name resolution server developed by the Dutch company PowerDNS. PowerDNS Recursor contains a code issue vulnerability: attackers can send responses that lead to a null pointer dereference. Due to lack of consistency checks,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013799)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013799 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vectorconfig. If the return value of the umlparsevectorifspec...
PT-2026-34508
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...