CVE-2026-40310 is a heap-based out-of-bounds write vulnerability within the ImageMagick JPEG 2000 (JP2) encoder. The vulnerability is triggered when the application processes a user-supplied sampling factor of zero, leading to an incorrect mathematical calculation that undersizes a heap allocation. Subsequent write operations overwrite adjacent memory, primarily resulting in a denial-of-service condition via an application crash. The flaw affects ImageMagick versions prior to 7.1.2-19 and 6.9.13-44.
ImageMagick versions prior to 7.1.2-19 contain an off-by-one vulnerability in the Magick Scripting Language (MSL) decoder. Processing a maliciously crafted MSL file triggers an out-of-bounds heap increment, leading to memory corruption and denial of service.
CVE-2026-40311 is a medium-severity heap use-after-free (UAF) vulnerability located in ImageMagick's Extensible Metadata Platform (XMP) profile parser. The flaw occurs within the `GetXMPProperty` function due to improper memory lifecycle management when interacting with internal splay tree structures, leading to a denial-of-service condition when malformed images are processed.
CVE-2023-36424 is an actively exploited Elevation of Privilege vulnerability in the Windows Common Log File System (CLFS) driver (`clfs.sys`). By exploiting an Out-of-Bounds Read flaw during the parsing of malformed Base Log Files (.blf), a low-privileged local attacker can leak sensitive kernel pointers, bypass KASLR, and ultimately elevate privileges to SYSTEM. The flaw affects nearly all supported versions of Windows and Windows Server.
ShowDoc versions prior to 2.8.7 contain a critical unrestricted file upload vulnerability caused by an incorrect property configuration in the ThinkPHP file upload class. This allows unauthenticated attackers to upload arbitrary PHP web shells and achieve remote code execution.
AsyncHttpClient prior to version 3.0.9 is vulnerable to cross-domain credential leakage during HTTP redirects. The library incorrectly forwards Authorization headers and internal Realm objects to untrusted origins, potentially exposing sensitive tokens to unauthorized network actors.
mitmproxy versions 12.2.1 and below contain a moderate severity LDAP injection vulnerability in the built-in proxyauth addon. When configured to use LDAP for proxy authentication, improper sanitization of the username field allows unauthenticated attackers to manipulate LDAP queries. This can lead to proxy authentication bypass and potential information disclosure.
The `follow-redirects` Node.js library contains an information exposure vulnerability where sensitive custom authentication headers are leaked to cross-domain redirect targets. A hardcoded regex blacklist failed to remove non-standard headers during cross-origin redirects or protocol downgrades.
The Python package `gdown` prior to version 5.2.2 is vulnerable to arbitrary file write via path traversal in the `gdown.extractall` function. When extracting maliciously crafted ZIP or TAR archives containing relative path components (such as `../`), the extraction process writes files outside the intended destination directory. Exploiting this vulnerability requires user interaction to process the crafted archive, but successful exploitation yields arbitrary file overwrite capabilities, which an attacker can leverage for remote code execution or persistence.
CVE-2026-32270 is an Information Disclosure vulnerability affecting Craft Commerce, a popular ecommerce extension for the Craft CMS ecosystem. The flaw resides in the payment processing endpoint where the system correctly blocks unauthorized payment attempts but incorrectly attaches the full serialized order entity to the resulting JSON error response. Unauthenticated attackers can exploit this behavior by supplying a valid order number, bypassing intended authorization controls to extract sensitive Personally Identifiable Information (PII) including customer emails, physical addresses, and purchase histories.
The Nimiq Albatross consensus implementation suffers from a remote Denial of Service (DoS) vulnerability. An unauthenticated peer can trigger a reachable assertion by sending a crafted RequestMacroChain message containing a micro block hash, leading to a Rust panic and subsequent crash of the consensus task.
Temporal's go.temporal.io/server package contains a missing authentication vulnerability in its frontend gRPC server. The streaming interceptor chain omits the authorization interceptor, allowing unauthenticated network attackers to access the AdminService/StreamWorkflowReplicationMessages endpoint and potentially exfiltrate workflow replication data.