π¨ CVE-2026-44811
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
π¨ CVE-2025-52292
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
π¨ CVE-2025-52293
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
π¨ CVE-2026-44801
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47653
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47654
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-12007
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12009
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-46475
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
π@cveNotify
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
π@cveNotify
GitHub
Release flowise@3.1.2 Β· FlowiseAI/Flowise
What's Changed
Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage by @christopherholland-workday in #5901
Additional Improvements to MCP Server Conf...
Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage by @christopherholland-workday in #5901
Additional Improvements to MCP Server Conf...
π¨ CVE-2026-10786
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-10787
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-45602
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
π@cveNotify
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
π@cveNotify
π¨ CVE-2026-45608
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-45634
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-11459
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.
π@cveNotify
GitHub
GitHub - Kalagious/SecureAgeExploit
Contribute to Kalagious/SecureAgeExploit development by creating an account on GitHub.
π¨ CVE-2026-10544
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.
This issue affects :
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.