CVE-2026-27806 is a local privilege escalation vulnerability in the Fleet DM Orbit agent for macOS. Improper neutralization of user input during the automated FileVault key rotation process allows local unprivileged users to execute arbitrary commands as root via Tcl script injection.
The kubernetes-graphql-gateway package prior to version 1.2.9 contains a Denial-of-Service (DoS) vulnerability due to missing resource constraints on the GraphQL endpoint. An authenticated attacker can submit deeply nested or highly complex GraphQL queries that exhaust CPU and memory resources during the Abstract Syntax Tree (AST) parsing and resolution phases. This results in severe performance degradation or complete service unavailability.
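The guard a gateway wants in front of such an endpoint, as an added example that is not code from kubernetes-graphql-gateway: it measures how deeply selection sets nest and how many a document contains by scanning braces while skipping strings and comments, so an over-nested query is refused before the expensive AST parse and resolver phases run. The limits and function names are illustrative assumptions, and the scanner assumes a syntactically valid document.

```javascript
// Added example (not kubernetes-graphql-gateway code). Pre-parse resource guard
// for GraphQL documents. Limits below are illustrative assumptions.
const LIMITS = { maxDepth: 10, maxSelectionSets: 200 };

// Scan braces, honouring line comments, ordinary strings and block strings so
// that a '{' or '}' inside an argument value is not miscounted.
function measureQuery(query) {
  let depth = 0, maxDepth = 0, selectionSets = 0;
  let i = 0;
  while (i < query.length) {
    const ch = query[i];
    if (ch === '#') {                         // line comment: skip to end of line
      while (i < query.length && query[i] !== '\n') i++;
      continue;
    }
    if (query.startsWith('"""', i)) {         // block string: skip to closing """
      const end = query.indexOf('"""', i + 3);
      i = end === -1 ? query.length : end + 3;
      continue;
    }
    if (ch === '"') {                         // ordinary string: honour escapes
      i++;
      while (i < query.length && query[i] !== '"') {
        if (query[i] === '\\') i++;           // skip the escaped character
        i++;
      }
      i++;                                    // consume closing quote
      continue;
    }
    if (ch === '{') {
      depth++;
      selectionSets++;
      if (depth > maxDepth) maxDepth = depth;
    } else if (ch === '}') {
      depth--;
    }
    i++;
  }
  return { maxDepth, selectionSets, balanced: depth === 0 };
}

// Decide before parsing whether the document is worth handing to the parser.
function guardQuery(query, limits = LIMITS) {
  const m = measureQuery(query);
  if (!m.balanced) return { ok: false, reason: 'unbalanced braces' };
  if (m.maxDepth > limits.maxDepth) {
    return { ok: false, reason: `depth ${m.maxDepth} exceeds ${limits.maxDepth}` };
  }
  if (m.selectionSets > limits.maxSelectionSets) {
    return { ok: false, reason: `${m.selectionSets} selection sets exceed ${limits.maxSelectionSets}` };
  }
  return { ok: true, reason: null };
}

// Constructed input: a query nested n levels below the root "node" field,
// the shape an attacker uses to blow up resolver work.
function nestedQuery(n) {
  let inner = 'id';
  for (let k = 0; k < n; k++) inner = `child${k} { ${inner} }`;
  return `query Deep { node { ${inner} } }`;
}
```

Depth is counted in selection sets, so `nestedQuery(3)` measures 5 deep (root, `node`, three `child` levels). A real gateway would still parse and apply cost analysis on the AST; this scan only keeps pathological inputs from reaching that stage.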
Nodemailer versions up to 8.0.4 contain an SMTP command injection vulnerability due to improper neutralization of CRLF sequences in the transport `name` option, the client hostname that Nodemailer sends in the EHLO/HELO greeting. An attacker who controls that value can inject arbitrary SMTP commands into the initial handshake.
OpenEXR versions 3.1.0 through 3.4.8 contain a signed 32-bit integer overflow vulnerability in the PIZ decompression routine. Processing maliciously crafted EXR files with extreme image dimensions triggers out-of-bounds read and write operations, potentially enabling arbitrary code execution or denial of service.
Axios versions prior to 1.13.2 contain a state corruption vulnerability in the HTTP/2 session cleanup routine. The improper handling of array mutations during backwards iteration allows a malicious HTTP/2 server to crash the Node.js process by terminating multiple sessions concurrently.
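The hazard class behind this entry, as an added example that is constructed here and is not axios code: closing a session synchronously fires a handler that removes it from the shared pool, so a cleanup loop that indexes into that same pool watches it shrink underneath itself. The session class, pool and function names are illustrative assumptions; the point is the live-array iteration, not any detail of the real HTTP/2 code.

```javascript
// Added example (not axios code): array mutated by a callback while a cleanup
// loop iterates over it. All names here are illustrative.
class FakeSession {
  constructor(pool, id) {
    this.pool = pool;
    this.id = id;
    this.closed = false;
  }
  close() {
    if (this.closed) return;
    this.closed = true;
    // Models a synchronous 'close' handler that drops the session from the pool.
    const idx = this.pool.indexOf(this);
    if (idx !== -1) this.pool.splice(idx, 1);
  }
}

function makePool(n) {
  const pool = [];
  for (let i = 0; i < n; i++) pool.push(new FakeSession(pool, i));
  return pool;
}

// Bug 1: pool.length is re-read each pass, so after every splice the next
// session shifts into the slot just visited and is skipped. Sessions leak.
function closeAllSkipping(pool) {
  let calls = 0;
  for (let i = 0; i < pool.length; i++) {
    pool[i].close();
    calls++;
  }
  return calls;
}

// Bug 2: the original length is cached, so once the pool has shrunk pool[i]
// is undefined and the call throws a TypeError. Unhandled, that is the
// process crash a malicious peer can force by closing sessions in a burst.
function closeAllCrashing(pool) {
  const n = pool.length;
  let calls = 0;
  for (let i = 0; i < n; i++) {
    pool[i].close();
    calls++;
  }
  return calls;
}

// Fix: detach everything first, then close the snapshot. The handler's splice
// finds nothing to remove and the loop never observes a changing array.
// Whatever direction the loop runs, never iterate the live array a callback
// mutates; iterate a copy or drain it.
function closeAllSafely(pool) {
  const snapshot = pool.splice(0);
  for (const s of snapshot) s.close();
  return snapshot.length;
}
```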
CVE-2026-34589 is a high-severity heap out-of-bounds write vulnerability within the OpenEXR Core library, specifically in the DreamWorks Animation (DWA) lossy decompression logic. By crafting a malicious EXR file with excessively large dimensions, an attacker can trigger a 32-bit signed integer overflow that corrupts subsequent pointer arithmetic. This memory corruption affects multiple version branches of OpenEXR and allows an attacker to cause a denial-of-service condition or potentially execute arbitrary code.
The rfc3161-client Python library prior to version 1.0.6 contains a trust boundary confusion vulnerability in its Time-Stamp Protocol (TSP) implementation. A flawed topological heuristic used for identifying the signer's leaf certificate allows an attacker to inject spoofed certificates and bypass authorization checks.
The Hono web framework contains a vulnerability in its cookie management utility that allows HTTP response splitting. The `setCookie` function fails to validate or sanitize user-supplied cookie names against control characters. If an application utilizes untrusted input to define a cookie name, an attacker can inject carriage return and line feed (CRLF) characters to manipulate the raw HTTP response headers.
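The Nodemailer and Hono entries above are the same injection class in two protocols: an HTTP header and an SMTP command are both single lines terminated by CRLF, so any attacker-controlled field that reaches the wire unvalidated can end the line early and start a new one. The following is an added example and not Hono or Nodemailer code; it shows the unchecked header and greeting next to versions that enforce the RFC 6265 token grammar for cookie names and an LDH hostname grammar for EHLO. Function names and the line-counting helper are illustrative assumptions.

```javascript
// Added example (not Hono or Nodemailer code): CRLF injection into an HTTP
// header line and into an SMTP command line, with the checks that stop it.

// RFC 6265 cookie-name is a token (RFC 7230 tchar): no CTLs, no separators.
const COOKIE_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// RFC 6265 cookie-octet: printable ASCII minus space, DQUOTE, comma,
// semicolon and backslash.
const COOKIE_VALUE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// Letters, digits and hyphens in 63-octet labels: what belongs in EHLO.
const HOSTNAME =
  /^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;

// Models a cookie helper that trusts the caller: emits the raw header line.
function setCookieUnchecked(name, value) {
  return `Set-Cookie: ${name}=${value}`;
}

// Hardened form: reject a name or value that cannot appear inside one header.
function setCookieChecked(name, value) {
  if (!COOKIE_NAME.test(name)) {
    throw new TypeError(`invalid cookie name: ${JSON.stringify(name)}`);
  }
  if (!COOKIE_VALUE.test(value)) {
    throw new TypeError(`invalid cookie value: ${JSON.stringify(value)}`);
  }
  return `Set-Cookie: ${name}=${value}`;
}

// Models a client greeting built from a configured hostname without checks.
function ehloUnchecked(hostname) {
  return `EHLO ${hostname}\r\n`;
}

// Hardened form: only a hostname can go into the greeting.
function ehloChecked(hostname) {
  if (!HOSTNAME.test(hostname)) {
    throw new TypeError(`invalid EHLO hostname: ${JSON.stringify(hostname)}`);
  }
  return `EHLO ${hostname}\r\n`;
}

// How the peer sees it: the number of distinct lines (header lines for HTTP,
// commands for SMTP) a CRLF-delimited reader would pull out of the bytes.
function lines(raw) {
  return raw.split('\r\n').filter((l) => l.length > 0);
}
```

With an unchecked name such as `'sid\r\nSet-Cookie: admin=1'` the raw output is two header lines, which is exactly what a response-splitting payload relies on; the same string in an EHLO argument becomes two SMTP commands.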
An improper authorization vulnerability in the pyload-ng WebUI JSON blueprint allows authenticated users with lower-tier permissions (such as ADD or DELETE) to execute operations that strictly require MODIFY permissions. This access control mismatch enables unauthorized users to reorder download queues and abort active downloads.
An integer overflow vulnerability exists in the SQLite Full-Text Search (FTS5) extension, leading to a heap-based out-of-bounds write. The flaw occurs due to a truncation error when calculating the memory allocation size for tombstone pointers. This vulnerability affects SQLite versions 3.49.1 up to but not including 3.50.3.
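The two OpenEXR entries and this SQLite entry share one arithmetic pattern: a buffer size is computed from attacker-controlled dimensions or counts in a 32-bit integer, wraps or is truncated, and the code then allocates the small result while later writing the full amount. The following is an added example and not OpenEXR or SQLite code. `Math.imul` reproduces C `int` multiplication including the wrap, `BigInt` does the exact arithmetic for the checked version, and `BigInt.asIntN(32, ...)` models the store of a 64-bit value into a 32-bit variable. Function names and the simulated decode are illustrative assumptions.

```javascript
// Added example (not OpenEXR or SQLite code): 32-bit size arithmetic that
// wraps or truncates, and the checked form that rejects it.
const INT32_MAX = 0x7fffffff;

// Mirrors `int size = width * height * bytesPerPixel;` in C: each product is
// reduced to a signed 32-bit result, so large dimensions wrap to a small,
// zero or negative size.
function bufferSizeInt32(width, height, bytesPerPixel) {
  return Math.imul(Math.imul(width, height), bytesPerPixel);
}

// Checked form: every operand bounded, the product computed exactly, and the
// request rejected unless it fits the type the allocator actually receives.
function bufferSizeChecked(width, height, bytesPerPixel) {
  for (const v of [width, height, bytesPerPixel]) {
    if (!Number.isInteger(v) || v <= 0 || v > INT32_MAX) return null;
  }
  const bytes = BigInt(width) * BigInt(height) * BigInt(bytesPerPixel);
  return bytes > BigInt(INT32_MAX) ? null : Number(bytes);
}

// Mirrors the truncation variant: a 64-bit count stored into a 32-bit
// variable silently drops the upper bits.
function truncateToInt32(n) {
  return Number(BigInt.asIntN(32, BigInt(n)));
}

// Simulates a decoder that allocates the wrapped size and then writes the
// bytes the pixel data really needs. Reports what would happen to the heap
// instead of touching any memory.
function simulateDecode(width, height, bytesPerPixel) {
  const alloc = bufferSizeInt32(width, height, bytesPerPixel);
  const needed = BigInt(width) * BigInt(height) * BigInt(bytesPerPixel);
  if (alloc <= 0) return { alloc, status: 'allocation of non-positive size' };
  return { alloc, status: BigInt(alloc) < needed ? 'heap overflow' : 'ok' };
}
```

A 65536 x 65536 single-byte image wraps to a size of exactly 0; 46341 x 46341 goes negative; 65537 x 65537 wraps to a positive 131073, which is the dangerous case because the allocation succeeds and the subsequent writes run far past it.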
Vim versions prior to 9.2.0074 suffer from an out-of-bounds read vulnerability in the Emacs-style tags file parsing logic. The flaw allows an attacker to trigger an out-of-bounds memory read of up to 7 bytes by supplying a crafted tags file. Processing this file via standard Vim commands results in a denial of service (crash) or potential minor heap memory exposure.
An OS command injection vulnerability exists within the bundled netrw plugin of the Vim text editor. Insufficient validation of URI hostnames allows local attackers to execute arbitrary shell commands when a user interacts with a crafted payload.