CVE-2026-48156

The CVE affects the Python PDF library pypdf (prior to 6.12.0). A crafted PDF leveraging cross-reference streams with /W [0 0 0] and large /Size can cause long runtimes. Fixed in 6.12.0; remediation is to upgrade to that version or later.

CVE-2026-48156 pypdf: Possible long runtimes for zero-only width values in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

CVE-2026-48156 pypdf: Possible long runtimes for zero-only width values in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

Unity Linux 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-017435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017435 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions a malicious server might trigger out of...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that rely on FreeRDP before version 3.5.1 are vulnerable to out-of-bounds read attacks if nWidth == 0 and nHeight == 0. Version 3.5.1 includes a patch for this issue. There are no known workarounds available...

📄 FreeScout 1.8.206 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in FreeScout versions less than or equal to 1.8.206 CVE-2026-28289. The sanitizeUploadedFileName function checks for dot-prefixed filenames before stripping Unicode format characters ZWSP U+200B, allowing...

CVE-2026-28289

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

CVE-2026-28289

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

CVE-2026-28289

FreeScout suffers CVE-2026-28289 (affecting

CVE-2026-28289 FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

EUVD-2026-9347

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution RCE on the server by uploading a maliciou...

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

InvisibleJS Detection and Analysis Scanner

InvisibleJS is an obfuscation technique that hides JavaScript source code using zero‑width Unicode characters, making files appear empty while still executing at runtime via eval or dynamic import with data: URIs. Although visually deceptive, this method provides no real cryptographic protection...

InvisibleJS JavaScript Hiding Tool

Welcome to InvisibleJS, an experimental tool for hiding your JavaScript source code in plain sight using zero-width characters. This repository features two distinct versions of the obfuscator, tailored for different execution environments...

Revive Adserver: Username Validation Bypass

Cricetinae Executive Summary The security patch in commit d239a0845e4f64fbacd25fff2854426734d43aa2 is INSUFFICIENT. Testing confirms that 3 out of 4 exploit vectors still bypass validation. --- Vulnerability Details Affected Component: Username validation in user registration/creation File:...

EUVD-2005-2703

Malware in sbrugna...

EUVD-2019-4800

Malware in sbrugna...

EUVD-2025-25815

Malicious code in bioql PyPI...