UBUNTU-CVE-2026-35186

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally i...

CVE-2026-4878

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

PT-2026-31734

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CLSA-2026-1775652408 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. -...

CLSA-2026-1775651477 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG conversions - debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from unbounded nesting of graphic-context elements. -...

EUVD-2026-20129

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

EUVD-2025-209292

The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVE-2026-4655

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

Security Bulletin: Highlight.js Prototype Pollution Vulnerability in Code Block Parsing, affects watsonx.data

Summary Highlight.js versions prior to 9.18.2 and 10.1.2 are vulnerable to prototype pollution via malicious HTML in user-supplied code blocks. This can cause unexpected application behavior or crashes, representing a potential DoS vector. This can affect watsonx.data. Vulnerability Details...

WordPress AM LottiePlayer plugin <= 3.6.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin AM LottiePlayer versions = 3.6.0...

CVE-2026-3357 IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

justhtml: Mutation XSS with custom foreign-namespace sanitization policies

Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006657)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006657 advisory. In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006591 advisory. In the Linux kernel, the following vulnerability has been resolved: intelth: Fix a resource leak in an error handling path If an error occurs after calling...

PT-2026-31090

Name of the Vulnerable Software and Affected Versions The AM LottiePlayer plugin for WordPress versions up to and including 3.6.0 Description The AM LottiePlayer plugin for WordPress is susceptible to Stored Cross-Site Scripting through uploaded SVG files. Insufficient input sanitization and outp...

SUSE CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the AES-CFB-128 process on x86-64 systems with AVX-512 and VAES support when processing partial cipher blocks. An attacker can cause a crash and application termination by providing input buffers that end at a memo...

CVE-2026-35533

mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...

CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...