CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVE-2026-45729 ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-45729 ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

EUVD-2026-33722

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Top Dog versions = 1.0.5...

GHSA-VPXX-H23G-GXH2 youtube-regex vulnerable to Regex Denial of Service

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

youtube-regex vulnerable to Regex Denial of Service

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

EUVD-2025-209731

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2025-65122

CVE-2025-65122 affects the youtube-regex npm package up to version 1.0.5. The NVD entry documents a Regex Denial of Service vulnerability with CVSS v3.1 base score 7.5 (attack: NETWORK, impact: HIGH on availability; confidentiality and integrity not affected; no user interaction; no privileges re...

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

PT-2026-35667

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 Description Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...

ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +179 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.0.0-M7 <=1.0.5)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.3, =1.0.0.3, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-nacos-mcp-client =1.0.0.1 and more Source cves:...

org.springframework.ai:spring-ai-oracle-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-oracle (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-oracle-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-oracle-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321393...

EUVD-2026-25903

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...

MAL-2026-3030 Malicious code in model-poc-suhail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0077cfbeca02c255952633606e9fc0c50ef11fe0e50a083f9ab632b6ee01569 The package model-poc-suhail was found to contain malicious code. Source: ossf-package-analysis...