CVE Notify
19.3K subscribers
4 photos
204K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2026-58522
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14757
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14758
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14759
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function r_bin_java_inner_classes_attr_calc_size of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The patch is named cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87. To fix this issue, it is recommended to deploy a patch.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14760
A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to implement a patch to correct this issue.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-55255
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8458
libcurl might in some circumstances reuse the wrong connection when asked to
do Negotiate-authenticated ones, even when they are set to use different
'services'.

libcurl features a pool of recent connections so that subsequent requests can
reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical
error in the code, a request that was issued by an application could
wrongfully reuse an existing connection to the same server that was
authenticated using different services.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8924
A flaw in curlโ€™s cookie parsing logic allows a malicious HTTP server to set
'super cookies' that bypass the Public Suffix List check. This enables an
attacker-controlled origin to inject cookies that curl subsequently scopes and
transmits to unrelated third-party domains.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8926
When asking curl to use a `.netrc` file to find credentials and at the same
time specifying a URL with a username(without a password), like
`https://user@example.com/`, curl could wrongly get and use the password for
*another* user set in the `.netrc` file for that host if such a one exists and
there is no match for the specified user.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8927
When reusing a libcurl handle for sequential transfers driven by
environment-variable proxy configuration, libcurl fails to clear the proxy
authentication state between requests. Specifically, if the initial transfer
authenticates against `proxyA` using Digest auth, a subsequent transfer routed
through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended
solely for `proxyA`.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-8932
libcurl would reuse a previously created connection even when some mTLS config
related option had been changed that should have prohibited reuse.

libcurl keeps previously used connections in a connection pool for subsequent
transfers to reuse if one of them matches the setup. However, some TLS
settings related to client certificates were left out from the configuration
match checks, making them match too easily. In particular options related to
the private key.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-58523
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14380
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile.

When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name.

Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands.

The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db.

An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14739
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.

The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.

DBI version 1.650 sets a hard limit of 99,999 placeholders.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.

The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-14895
String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.

The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex engine retries the match at each offset of a long whitespace run, producing quadratic backtracking. The fix replaces \s*$ with \s+$.

Any caller that passes untrusted input to trim or rtrim can trigger CPU exhaustion with a string containing a long run of whitespace.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-36162
An authenticated stored cross-site scripting (XSS) vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-36163
An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-37270
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-37271
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch.

๐ŸŽ–@cveNotify