🚨 CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory.
@cveNotify
GitHub
Hardening in TLSX_KeyShare_ProcessPqcHybridClient by embhorn · Pull Request #10327 · wolfSSL/wolfssl
Description
Set pointer to NULL to prevent double free with a malformed ECDH key.
Fixes zd21704
Testing
Added test_tls13_pqc_hybrid_malformed_ecdh
Checklist
added tests
updated/added doxygen
up...
🚨 CVE-2026-2053
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.
Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
Wso2
Security Advisory WSO2-2026-5072/CVE-2026-2053
Documentation for WSO2 Security and Compliance
🚨 CVE-2026-57879
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
GeoVision
Cyber Security - GeoVision
- GeoVision specializes in advanced video surveillance solutions, offering state-of-the-art IP cameras, cloud-based surveillance platforms, and tailored surveillance software designed for business buildings, factories, and retail environments. Enhance public…
🚨 CVE-2026-57881
An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
GeoVision
Cyber Security - GeoVision
🚨 CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes.
When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced.
Secrets generated in multiprocess applications are predictable across processes.
GitHub
The internal PRNG state is not updated on forking · Issue #3 · daoswald/Bytes-Random-Secure
The internal PRNG state is shared when using the functional interface, or when creating an object before forking. The result is that different processes will emit the same random streams. Depending...
🚨 CVE-2026-11702
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes.
When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced.
Secrets generated in multiprocess applications are predictable across processes.
GitHub
The internal PRNG state is not updated on forking · Issue #6 · daoswald/Bytes-Random-Secure-Tiny
The internal PRNG state is shared when creating an object before forking. The result is that different processes will emit the same random streams. Depending on the application, this could allow at...
🚨 CVE-2026-30040
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.
kb.cert.org
CERT/CC Vulnerability Note VU#936962
Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0
🚨 CVE-2026-30041
An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.
kb.cert.org
CERT/CC Vulnerability Note VU#936962
Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0
🚨 CVE-2026-57527
Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel.
GitHub
Merge pull request #7481 from thc202/viewstate/disable-jsf · zaproxy/zap-extensions@ac6c3f9
viewstate: disable format
🚨 CVE-2026-57637
Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Abandoned Cart Lite for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57644
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Patchstack
SQL Injection in WordPress Restaurant Menu by MotoPress Plugin
🚨 CVE-2026-57650
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress Magazine Blocks Plugin
🚨 CVE-2026-57656
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Patchstack
Cross Site Scripting (XSS) in WordPress Hester Core Plugin
🚨 CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2026-12411
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
GitHub
Security fixes from the 6.9 release by tomponline · Pull Request #18585 · canonical/lxd
Covers fixes for:
GHSA-qx75-2p3r-pwm5
GHSA-7mr3-28h5-m5vx
GHSA-47w9-6r3f-938g
GHSA-9j25-mm2h-2f76
GHSA-jpf8-86f3-wp38
GHSA-vghh-5rfx-xhq8
GHSA-fmc8-p6q7-75cc
GHSA-pjff-c2wc-f6jm
GHSA-hhf9-qw4v-72xp
🚨 CVE-2026-9639
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.
GitHub
lxd/storage/backend/lxd: Validate snapshot.ExpiresAt is non-nil by tomponline · Pull Request #18320 · canonical/lxd
Powerful system container and virtual machine manager - lxd/storage/backend/lxd: Validate snapshot.ExpiresAt is non-nil by tomponline · Pull Request #18320 · canonical/lxd
🚨 CVE-2026-9640
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy restrictions by importing a maliciously crafted instance backup containing restricted configuration keys within a snapshot. When the snapshot is restored, these restricted keys are applied to the live instance without policy validation. Starting the modified instance grants the operator unauthorized host root access.
GitHub
Instance: Improve snapshot config validation during import by tomponline · Pull Request #18301 · canonical/lxd
Powerful system container and virtual machine manager - Instance: Improve snapshot config validation during import by tomponline · Pull Request #18301 · canonical/lxd
🚨 CVE-2025-32394
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.
GitHub
Quadratic memory amplification in AITextSummarizerBlock chunking (DoS via attacker-controlled max_tokens/overlap)
### Summary
There is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of m...
🚨 CVE-2026-11779
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.
Fluidattacks
PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access | Fluid Attacks
CVE-2026-11779: An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.