๐จ CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
๐@cveNotify
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
๐@cveNotify
GitHub
[CVE-REQUESTED] lib: `doProlog`: Fix out-of-bound scaffolding index store by Smattr ยท Pull Request #1272 ยท libexpat/libexpat
Self-Diagnosis
This pull request fixes #ISSUE_NUMBER.
This pull request is related to ANT-2026-00037
This pull request is small, uncontroversial, complete, and easy to review.
I have enabled ...
This pull request fixes #ISSUE_NUMBER.
This pull request is related to ANT-2026-00037
This pull request is small, uncontroversial, complete, and easy to review.
I have enabled ...
๐จ CVE-2026-34192
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables.
The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.
๐@cveNotify
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables.
The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.
๐@cveNotify
Imagination
Imagination GPU Driver Vulnerabilities - Imagination
This page contains summary details of security vulnerabilities reported on Imagination Technologies Power VR Graphics driver.
๐จ CVE-2026-41156
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario.
A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.
๐@cveNotify
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario.
A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.
๐@cveNotify
Imagination
Imagination GPU Driver Vulnerabilities - Imagination
This page contains summary details of security vulnerabilities reported on Imagination Technologies Power VR Graphics driver.
๐จ CVE-2026-8296
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.
๐@cveNotify
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.
๐@cveNotify
Octopus
Security Advisory 2026-05
2026-05 - Stored XSS using artifacts
๐จ CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
๐@cveNotify
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
๐@cveNotify
GitHub
GitHub - hyunjungg/CVE-2025-62821: Microsoft HEIF Extension (msheif_store.dll) OOB-read
Microsoft HEIF Extension (msheif_store.dll) OOB-read - hyunjungg/CVE-2025-62821
๐จ CVE-2026-48137
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially crafted Moniker protobuf message. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Untrusted pointer dereference using monikers in NI grpc-device sideband streaming API
### Impact
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially res...
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially res...
๐จ CVE-2026-48138
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Out-of-bounds read vulnerability in the NI grpc-device streaming API
### Impact
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires a...
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires a...
๐จ CVE-2026-48139
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
NULL pointer dereference vulnerability in NI grpc-device data moniker service
### Impact
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successfu...
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successfu...
๐จ CVE-2026-48140
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream
### Impact
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulti...
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulti...
๐จ CVE-2026-48141
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Memory leak in NI grpc-device BeginSidebandStream
### Impact
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.
### Patches
Upgrade to 2.18.0 or later
### References ...
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.
### Patches
Upgrade to 2.18.0 or later
### References ...
๐จ CVE-2026-9142
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
### Impact
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticate...
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticate...
๐จ CVE-2026-9143
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen
### Impact
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in
CodeGen. This may silently discard high bits if a size value exc...
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in
CodeGen. This may silently discard high bits if a size value exc...
๐จ CVE-2026-21768
The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.
๐@cveNotify
The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.
๐@cveNotify
Hcl-Software
Security Bulletin: HCL Verse for Android is susceptible to an injection vulnerability (CVE-2026-21768) - Customer Support
HCL Verse for Android is susceptible to an injection vulnerability where an attacker could achieve the
๐จ CVE-2026-32208
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2026-12673
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary (non-default) group.
๐@cveNotify
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary (non-default) group.
๐@cveNotify
๐จ CVE-2025-71331
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
๐@cveNotify
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
๐@cveNotify
GitHub
XSS vulnerability in Flowise
### Summary
A XSS(cross-site scripting) vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script cod...
A XSS(cross-site scripting) vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script cod...
๐จ CVE-2026-56355
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
๐@cveNotify
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
๐@cveNotify
๐จ CVE-2026-6645
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.
Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.
๐@cveNotify
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.
Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.
๐@cveNotify
๐จ CVE-2025-66389
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
๐@cveNotify
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
๐@cveNotify
Blindcyber
Vibe Pwning with GitHub Copilot | blindCyber
Finding 0days in your friendly neighborhood coding assistant
๐จ CVE-2026-10789
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
๐@cveNotify
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
๐@cveNotify
๐จ CVE-2026-11834
A command
injection vulnerability has been identified in the DHCP option processing logic
in multiple TP-Link router models, due to insufficient validation of externally
supplied DHCP option data. An adjacent attacker may exploit this
vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized
command execution during device initialization or provisioning workflows. This
typically occurs when the device is in a factory-default or unconfigured state.
Successful
exploitation may allow an adjacent, unauthenticated attacker to execute
arbitrary commands with elevated privileges, potentially leading to full
compromise of the affected device and unauthorized administrative control.
๐@cveNotify
A command
injection vulnerability has been identified in the DHCP option processing logic
in multiple TP-Link router models, due to insufficient validation of externally
supplied DHCP option data. An adjacent attacker may exploit this
vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized
command execution during device initialization or provisioning workflows. This
typically occurs when the device is in a factory-default or unconfigured state.
Successful
exploitation may allow an adjacent, unauthenticated attacker to execute
arbitrary commands with elevated privileges, potentially leading to full
compromise of the affected device and unauthorized administrative control.
๐@cveNotify
TP-Link
Download for Archer C20 | TP-Link
TP Link - Download Center Detail