CVE-2026-40323

SP1 (zero‑knowledge VM) has a soundness vulnerability in the V6 recursive shard verifier affecting versions 6.0.0–6.0.2, allowing a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. The issue is fixed in version 6.1.0. Impact is described as...

Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

Summary The readonly mode in mcp-neo4j-cypher versions prior to 0.6.0 can be bypassed using CALL procedures. Details Impact The enforcing of readonly mode in vulnerable versions could be bypassed by certain APOC procedures. Patches v0.6.0 release hardened the checks around the mode. The only way ...

CVE-2026-40305 DNN has Force Friend Request Acceptance

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

CVE-2026-33436 Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

CVE-2026-33436

Stirling-PDF (a local web app for PDF operations) is vulnerable in versions prior to 2.0.0 where file upload endpoints render user-supplied filenames directly into HTML with unsafe methods (e.g., innerHTML) without sanitization. An attacker can supply a filename containing JavaScript, triggering ...

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

RMS-1.0-Exploit-RCE

Remote Code Execution Exploit for Restaurant...

CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

CVE-2026-35215

CVE-2026-35215 – Firebird DoS via crafted slice packet Firebird, an open-source RDBMS, has a vulnerability in the sdl_desc() function across affected series prior to 5.0.4, 4.0.7, and 3.0.14. The function does not validate the length of a decoded SDL descriptor from a slice packet; a zero-length ...

EUVD-2026-23490

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

MAL-2026-2851 Malicious code in @indriver-poc/whisperwind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7543a4315d192afe241577899d5777567678b591c400103ba3da0dc46f1b1d55 The package @indriver-poc/whisperwind was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2026-23462

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

JLSEC-2026-150

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

SUSE-SU-2026:21265-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_19

This update for kernel-livepatch-MICRO-6-0-RTUpdate19 fixes the following issues: - New livepatch SLE Micro 6.0/6.1 kernel update 19...

JLSEC-2026-131

In ImfChromaticities.cpp routine RGBtoXYZ, there are some division operations such as float Z = 1 - chroma.white.x - chroma.white.y Y / chroma.white.y; and chroma.green.y X + Z / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition whi...

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer requires GitHub sign-in, RedSun, an...

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

OESA-2026-1984 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

OESA-2026-1949 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a...