π¨ CVE-2026-7594
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
GitHub
GitHub - Flux159/mcp-game-asset-gen: Asset generation MCP server for Three.js and game engines
Asset generation MCP server for Three.js and game engines - Flux159/mcp-game-asset-gen
π¨ CVE-2026-7595
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
π@cveNotify
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
π@cveNotify
GitHub
GitHub - nextlevelbuilder/ui-ux-pro-max-skill: An AI SKILL that provide design intelligence for building professional UI/UX multipleβ¦
An AI SKILL that provide design intelligence for building professional UI/UX multiple platforms - nextlevelbuilder/ui-ux-pro-max-skill
π¨ CVE-2026-7596
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
π@cveNotify
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
π@cveNotify
GitHub
GitHub - nextlevelbuilder/ui-ux-pro-max-skill: An AI SKILL that provide design intelligence for building professional UI/UX multipleβ¦
An AI SKILL that provide design intelligence for building professional UI/UX multiple platforms - nextlevelbuilder/ui-ux-pro-max-skill
π¨ CVE-2026-7597
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
π@cveNotify
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 62dca096f9236010ca15fea9ba369ba740b86b7a. Applying a patch is the recommended action to fix this issue.
π@cveNotify
GitHub
GitHub - mem0ai/mem0: Universal memory layer for AI Agents
Universal memory layer for AI Agents. Contribute to mem0ai/mem0 development by creating an account on GitHub.
π¨ CVE-2026-6553
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
π@cveNotify
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
π@cveNotify
GitHub
[SECURITY] Do not store password in serialized user settings Β· TYPO3/typo3@9a6e913
The new mechanism of using serialized JSON data for storing
backend user settings since TYPO3 14.2 has introduced a vulnerability
that stored the "password" and "verify p...
backend user settings since TYPO3 14.2 has introduced a vulnerability
that stored the "password" and "verify p...
π¨ CVE-2026-6408
Tanium addressed an information disclosure vulnerability in Tanium Server.
π@cveNotify
Tanium addressed an information disclosure vulnerability in Tanium Server.
π@cveNotify
π¨ CVE-2026-42471
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.
π@cveNotify
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.
π@cveNotify
Gist
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475)
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475) - advisory_mixphp_v2.md
π¨ CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
π@cveNotify
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
π@cveNotify
Gist
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475)
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475) - advisory_mixphp_v2.md
π¨ CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
π@cveNotify
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
π@cveNotify
Gist
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475)
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475) - advisory_mixphp_v2.md
π¨ CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
π@cveNotify
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
π@cveNotify
Gist
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475)
MixPHP 2.x Deserialization RCE and SQL Injection (CVE-2026-37552, CVE-2026-42471 through 42475) - advisory_mixphp_v2.md
π¨ CVE-2026-41651
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:
1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.
2. Silent state-transition rejection (lines 873β882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` β `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.
3. Late flag read at execution time (lines 2273β2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
π@cveNotify
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:
1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.
2. Silent state-transition rejection (lines 873β882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` β `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.
3. Late flag read at execution time (lines 2273β2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
π@cveNotify
GitHub
PackageKit/src/pk-transaction.c at 04057883189efa225a7c785591aa87cb299782f8 Β· PackageKit/PackageKit
A D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. - PackageKit/PackageKit
π¨ CVE-2026-37554
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught by the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line 19) throws openssl::Exception when OpenSSL operations fail. The parser's catch block in parse_secured() should catch these, but the exception escapes through subsequent processing stages (indicate_common, indicate_extended). This causes std::terminate, crashing the V2X receiver.
π@cveNotify
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught by the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line 19) throws openssl::Exception when OpenSSL operations fail. The parser's catch block in parse_secured() should catch these, but the exception escapes through subsequent processing stages (indicate_common, indicate_extended). This causes std::terminate, crashing the V2X receiver.
π@cveNotify
Gist
Vanetza V2X v26.02 Denial of Service (CVE-2026-37554)
Vanetza V2X v26.02 Denial of Service (CVE-2026-37554) - advisory_vanetza_v2.md
π¨ CVE-2026-37539
Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.
π@cveNotify
Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.
π@cveNotify
Gist
Automotive CAN Protocol Libraries Multiple Buffer Overflows (CVE-2026-37534 through 37541, 42467-42469)
Automotive CAN Protocol Libraries Multiple Buffer Overflows (CVE-2026-37534 through 37541, 42467-42469) - advisory_automotive_v2.md
π¨ CVE-2026-42467
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.
π@cveNotify
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.
π@cveNotify
Gist
Automotive CAN Protocol Libraries Multiple Buffer Overflows (CVE-2026-37534 through 37541, 42467-42469)
Automotive CAN Protocol Libraries Multiple Buffer Overflows (CVE-2026-37534 through 37541, 42467-42469) - advisory_automotive_v2.md
π¨ CVE-2026-42485
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.
π@cveNotify
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.
π@cveNotify
π¨ CVE-2026-30363
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
π@cveNotify
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
π@cveNotify
Gist
CVE-2026-30363: Potential Stack Overflow in main (flipperzero-firmware)
CVE-2026-30363: Potential Stack Overflow in main (flipperzero-firmware) - gist:7db9fb648a18ffcd8600bea436486884
π¨ CVE-2025-69727
An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to missing authorization checks and lack of rate-limiting when generating or accessing these URLs, an unauthenticated or unauthorized actor may retrieve profile pictures of users by crafting requests with guessed or known identifiers.
π@cveNotify
An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to missing authorization checks and lack of rate-limiting when generating or accessing these URLs, an unauthenticated or unauthorized actor may retrieve profile pictures of users by crafting requests with guessed or known identifiers.
π@cveNotify
demo.index-education.net
PRONOTE - SITE DE DEMONSTRATION
PRONOTE Page d'accueil - SITE DE DEMONSTRATION - Marseille - gestion des notes, absences, punitions, cahier de textes pour les Γ©tablissements scolaires.
π¨ CVE-2026-4739
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.
π@cveNotify
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.
π@cveNotify
GitHub
BUG: Prevent integer overflow in potential vulnerable cloned functions by npt-1707 Β· Pull Request #5351 Β· InsightSoftwareConsortium/ITK
Hi Development Team,
I identified a potential integer overflow in clone functions in Modules/ThirdParty/Expat/src/expat/xmlparse.c sourced from libexpat/libexpat. This issue, originally reported in...
I identified a potential integer overflow in clone functions in Modules/ThirdParty/Expat/src/expat/xmlparse.c sourced from libexpat/libexpat. This issue, originally reported in...
π¨ CVE-2026-4742
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C.
This issue affects liteide: before x38.4.
π@cveNotify
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C.
This issue affects liteide: before x38.4.
π@cveNotify
GitHub
Fix: Potential Vulnerability in Cloned Function by tabudz Β· Pull Request #1325 Β· visualfc/liteide
Description
This PR fixes a security vulnerability in http_parser_execute() that was cloned from node but did not receive the security patch. The original issue was reported and fixed under nodejs/...
This PR fixes a security vulnerability in http_parser_execute() that was cloned from node but did not receive the security patch. The original issue was reported and fixed under nodejs/...
π¨ CVE-2026-4743
NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp.
This issue affects ncmdump: before 1.4.0.
π@cveNotify
NULL Pointer Dereference vulnerability in taurusxin ncmdump (src/utils modules). This vulnerability is associated with program files cJSON.Cpp.
This issue affects ncmdump: before 1.4.0.
π@cveNotify
GitHub
Fix potential vulnerable cloned function by npt-1707 Β· Pull Request #52 Β· taurusxin/ncmdump
Hi Development Team,
I identified a potential null pointer dereference in a clone function cJSON_InsertItemInArray() in src/utils/cJSON.cpp sourced from DaveGamble/cJSON. This issue, originally rep...
I identified a potential null pointer dereference in a clone function cJSON_InsertItemInArray() in src/utils/cJSON.cpp sourced from DaveGamble/cJSON. This issue, originally rep...
β€1
π¨ CVE-2026-33850
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.
π@cveNotify
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.
π@cveNotify
GitHub
Potential Vulnerability in Cloned Code by ivanaclairineirsan Β· Pull Request #66 Β· WujekFoliarz/DualSenseY-v2
This PR fixes a potential security vulnerability in stbi__process_frame_header that was cloned from https://github.com/nothings/stb but did not receive the security patch.
###Details:
Affected Func...
###Details:
Affected Func...