•about 6 hours ago•CVE-2026-42899
7.5CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems
CVE-2026-42899 is a high-severity Denial of Service (DoS) vulnerability in the Microsoft ASP.NET Core framework, characterized by multiple instances of a 'Loop with Unreachable Exit Condition' (CWE-835). An unauthenticated remote attacker can trigger 100% CPU utilization by supplying specially crafted requests that exploit logic errors in request parsing, data protection, minimal APIs, and caching subsystems.
2 views•7 min read
•about 7 hours ago•CVE-2026-35433
7.3CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime
CVE-2026-35433 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the .NET Desktop Runtime. The flaw originates from a heap-based buffer overflow in the Windows Forms and WPF components due to improper input validation and integer overflow during binary data parsing. Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the compromised application.
2 views•8 min read
•about 8 hours ago•GHSA-JGG6-4RPR-WFH7
9.8GHSA-JGG6-4RPR-WFH7: Mistral AI SDK Supply Chain Compromise via Mini Shai-Hulud Worm
A significant supply chain compromise affected official Mistral AI software development kits (SDKs) on both NPM and PyPI ecosystems. The incident involved an automated worm known as 'Mini Shai-Hulud' that leveraged stolen maintainer credentials to publish malicious packages containing secondary dropper payloads.
2 views•5 min read
•about 9 hours ago•GHSA-FVH2-GM75-J4J7
8.8CVE-2026-42559: DNS Rebinding and CSRF in Model Context Protocol (MCP) HTTP Transport
The Model Context Protocol (MCP) Rust SDK (`rmcp`), a transitive dependency of the `dynoxide` database proxy, contains a high-severity vulnerability in its streamable HTTP server transport. The component fails to properly validate incoming HTTP `Host` headers, permitting DNS rebinding and Cross-Origin Request Forgery (CSRF) attacks against locally running database proxies.
4 views•6 min read
•about 10 hours ago•CVE-2026-2728
4.8CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration
LibreNMS versions prior to 26.3.0 contain an authenticated Stored Cross-Site Scripting (XSS) vulnerability within the RANCID integration settings. The flaw occurs during the generation of the RANCID configuration repository link on the `showconfig` page, where user-supplied input is improperly neutralized before being inserted into an HTML href attribute. An attacker with administrative privileges can execute arbitrary JavaScript in the browser context of other administrators who view the affected page.
3 views•6 min read
•about 10 hours ago•GHSA-C55G-RP4X-FX84
7.8GHSA-C55G-RP4X-FX84: Integer Overflow and Out-of-Bounds Access in DirectX Tool Kit SpriteFont Parser
The Microsoft DirectX Tool Kit (DirectXTK and DirectXTK12) contains an integer overflow vulnerability in its SpriteFont parsing implementation, specifically affecting 32-bit application builds. The flaw resides in the `DirectX::BinaryReader::ReadArray` template function, where a multiplication operation using 32-bit arithmetic wraps around when processing maliciously crafted `.spritefont` files. This miscalculation circumvents pointer arithmetic safety checks, leading to out-of-bounds memory access. Successful exploitation allows an attacker to achieve memory corruption or information disclosure within the application parsing the untrusted file.
2 views•9 min read
•about 11 hours ago•GHSA-5R97-79VW-QVM4
5.3GHSA-5r97-79vw-qvm4: Integer Overflow and Memory Corruption in Microsoft DirectXTK12 SpriteFont Parser
An integer overflow vulnerability exists in the 32-bit builds of the Microsoft DirectX Tool Kit for DirectX 12 (DirectXTK12). By supplying a crafted .spritefont file, an attacker can trigger out-of-bounds memory operations, potentially leading to memory corruption and remote code execution.
3 views•6 min read
•about 12 hours ago•CVE-2026-6402
5.3CVE-2026-6402: Cross-Origin Source Code Exposure in webpack-dev-server
A medium-severity vulnerability in webpack-dev-server versions up to 5.2.3 allows malicious external websites to exfiltrate an application's entire source code when the development server is accessed over plain HTTP. The vulnerability leverages cross-origin script inclusion to bypass origin restrictions.
2 views•6 min read
•about 13 hours ago•GHSA-97R8-RF7Q-WMJW
N/AGHSA-97R8-RF7Q-WMJW: Stored Cross-Site Scripting via Sanitize-then-Decode Flaw in Sveltia CMS
Sveltia CMS versions prior to 0.160.1 contain a stored cross-site scripting (XSS) vulnerability within the content summary rendering subsystem. The flaw arises from an improper sequence of text transformation operations, specifically a sanitize-then-decode logic error. Attackers with content creation privileges can exploit this vulnerability by submitting entity-encoded HTML payloads, which execute malicious scripts within the browser context of users viewing the administrative interface.
2 views•6 min read
•about 22 hours ago•CVE-2020-17103
7.0CVE-2020-17103: Local Privilege Escalation in Windows Cloud Files Mini Filter Driver
CVE-2020-17103 is a local privilege escalation vulnerability located in the Windows Cloud Files Mini Filter Driver (cldflt.sys). An exploitable race condition during the handling of impersonation tokens allows a standard local user to write arbitrary data to the .DEFAULT registry hive, leading to SYSTEM-level code execution.
25 views•7 min read
•3 days ago•GHSA-WXW3-Q3M9-C3JR
6.5GHSA-WXW3-Q3M9-C3JR: Login CSRF via Insufficient OAuth State Verification in Better Auth
Better Auth's OAuth implementation contains a logic flaw in its handling of the state parameter when utilizing the cookie-backed state storage strategy. The application fails to cryptographically bind the generated OAuth state nonce to the stored session metadata, leading to insufficient verification during the callback phase. This omission permits Login Cross-Site Request Forgery (CSRF) and account association attacks when Proof Key for Code Exchange (PKCE) is disabled.
10 views•6 min read
•3 days ago•GHSA-VFVV-C25P-M7MM
High (Unscored)GHSA-VFVV-C25P-M7MM: Memory Corruption via Panic Safety Flaw in rkyv Collections
The rkyv zero-copy deserialization framework for Rust suffers from a panic safety vulnerability in its manual memory management logic. The flaw allows memory corruption, specifically Double Free and Use-After-Free, when element destructors panic during vector clearance.
10 views•5 min read