CVE-2026-34373

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...

CVE-2024-14030

creationtimestamp| type| source ---|---|--- 2026-03-31 13:17:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mieb7dtnjm2t 2026-03-31 17:46:53+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mieqarh5eb2a...

brace-expansion: Zero-step sequence causes process hang and memory exhaustion

...

ha-ps4-jb

🎮 PS4 JB Web Server — Home Assistant Add-on A Home Assistant...

MaruNuri 安全漏洞

MaruNuri is a comprehensive software system provided by MaruNuri Company, which offers content management and information publishing functions. Version 2.0.23 of MaruNuri contains a security vulnerability. This vulnerability stems from an arbitrary file overwriting during the file import process,...

PT-2026-29391

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior UB due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...

📄 FreeScout 1.8.206 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in FreeScout versions less than or equal to 1.8.206 CVE-2026-28289. The sanitizeUploadedFileName function checks for dot-prefixed filenames before stripping Unicode format characters ZWSP U+200B, allowing...

PT-2026-29289

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29284

🚨 CRITICAL: CVE-2026-30281 CVSS 9.8 - Arbitrary file overwrite in MaruNuri LLC v2.0.23 enables remote code execution via file import. No auth required. Patch immediately. CVE ThreatIntel DFIR https://t.co/DE2EQ0o9Jq...

CVE-2026-30284

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29349

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description The delete mode handler in mylist function.php does not validate a CSRF token before permanently deleting list configurations. An attacker can exploit this by luring an authenticated user to a...

Fedora: Security Advisory (FEDORA-2026-22e517fe60)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-38561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Processing of HTTP/2 SETTINGS frames can lead to an infinite loop of writing CONTINUATION frames when a SETTINGS MAX FRAME SIZE with a value of 0 is received,...

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

CVE-2026-32877 Botan: Heap Buffer Over-read in SM2 Decryption via Undersized C3 Hash Field

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

ALPINE-CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...