π¨ CVE-2026-44804
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44807
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44808
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44811
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
π¨ CVE-2025-52292
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
π¨ CVE-2025-52293
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
π¨ CVE-2026-44801
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47653
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47654
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-12007
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12009
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-46475
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
π@cveNotify
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
π@cveNotify
GitHub
Release flowise@3.1.2 Β· FlowiseAI/Flowise
What's Changed
Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage by @christopherholland-workday in #5901
Additional Improvements to MCP Server Conf...
Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage by @christopherholland-workday in #5901
Additional Improvements to MCP Server Conf...
π¨ CVE-2026-10786
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-10787
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-45602
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
π@cveNotify
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
π@cveNotify
π¨ CVE-2026-45608
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify