•about 13 hours ago•GHSA-JQQ5-8PX3-9M6M
6.2GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders
A heap-based buffer overflow vulnerability exists in the JSON and YAML encoders of ImageMagick and Magick.NET. This issue constitutes an incomplete fix for CVE-2026-40169, resulting in a single-byte out-of-bounds write (off-by-one error) during image metadata serialization.
4 views•6 min read
•about 16 hours ago•GHSA-VF33-6R7X-66XX
3.3GHSA-VF33-6R7X-66XX: Division by Zero and Integer Overflow in ImageMagick Morphology
ImageMagick versions prior to 7.1.1-33 contain an integer overflow vulnerability within the morphology module's binomial kernel generation logic. This integer overflow propagates to yield a division by zero error, resulting in a denial of service.
3 views•6 min read
•about 17 hours ago•GHSA-QV2Q-C278-PCH5
3.7GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick
ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plain text pixel data via XOR operations on ciphertexts.
4 views•5 min read
•about 23 hours ago•CVE-2026-8596
7.2CVE-2026-8596: Remote Code Execution via Cleartext HMAC Key in Amazon SageMaker Python SDK
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to the cleartext storage of a symmetric HMAC signing key in job environment variables. An authenticated attacker with `Describe` permissions can extract this key to forge valid integrity signatures for malicious model artifacts.
2 views•6 min read
•about 24 hours ago•CVE-2026-8597
7.2CVE-2026-8597: Arbitrary Code Execution via Missing Integrity Verification in Amazon SageMaker Python SDK Triton Handler
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to a lack of cryptographic integrity verification in its Triton inference handler. An attacker possessing S3 write permissions can replace legitimate model artifacts with a malicious payload, resulting in code execution within the inference container upon deserialization.
4 views•6 min read
•1 day ago•GHSA-HGV7-V322-MMGR
8.6GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch
The SvelteKit framework contains a critical cross-talk vulnerability within its server-side rendering (SSR) processing logic. The query.batch functionality improperly scopes state variables during concurrent request handling, allowing data intended for one user session to be exposed to another. The issue is resolved in version 2.60.1 by migrating the batching state to a strictly isolated request store.
3 views•7 min read
•1 day ago•GHSA-VRXG-GM77-7Q5G
8.7GHSA-vrxg-gm77-7q5g: Unauthenticated Remote Code Execution in Windows-MCP HTTP Transport
Windows-MCP versions prior to 0.7.5 expose an unauthenticated HTTP transport endpoint with a wildcard CORS policy. This allows remote attackers or malicious websites to execute arbitrary PowerShell commands on the host machine by interacting with the local MCP server.
3 views•6 min read
•1 day ago•GHSA-PXH5-6RRC-8RJV
3.1GHSA-PXH5-6RRC-8RJV: Client-Side Denial of Service in OpenTofu via Crafted HTTP/2 SETTINGS Frame
OpenTofu versions prior to 1.11.8 are susceptible to a client-side Denial of Service (DoS) vulnerability due to improper handling of HTTP/2 SETTINGS frames. When fetching dependencies from an attacker-controlled registry, the client can be forced into an infinite loop, resulting in uncontrolled CPU and memory exhaustion.
5 views•7 min read
•1 day ago•GHSA-MW8F-W6P8-XRF4
9.9GHSA-MW8F-W6P8-XRF4: Cross-Tenant Account Deletion and Authorization Bypass in wger via Flawed Null Comparison
GHSA-MW8F-W6P8-XRF4 is a critical authorization bypass vulnerability in the wger fitness manager. The flaw exists due to an incomplete patch for CVE-2026-43948, leaving specific user management views vulnerable to flawed null value comparisons. This enables attackers with restricted permissions to permanently delete or deactivate arbitrary user accounts across the global unassigned user pool.
2 views•7 min read
•1 day ago•GHSA-M837-XVXR-VQWG
6.9GHSA-m837-xvxr-vqwg: Hardcoded CORS Wildcard Enables Cross-Origin Credential Abuse in Flowise
Flowise versions prior to 3.1.2 contain a hardcoded CORS wildcard on the Text-to-Speech (TTS) endpoint. This configuration bypasses the application's global security policies and enables cross-origin credential abuse, leading to unauthorized resource consumption and potential financial impact via third-party API quota exhaustion.
2 views•5 min read
•1 day ago•CVE-2026-45829
10.0CVE-2026-45829: Pre-Authentication Remote Code Execution in ChromaDB via ChromaToast
CVE-2026-45829, commonly referred to as ChromaToast, is a critical Pre-Authentication Remote Code Execution (RCE) vulnerability affecting the ChromaDB vector database. The flaw exists in the handling of embedding function configurations during collection creation, allowing unauthenticated attackers to execute arbitrary Python code on the server or client applications.
24 views•5 min read
•1 day ago•CVE-2026-9082
6.5CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core PostgreSQL Driver
Drupal Core contains a highly critical SQL injection vulnerability (CVE-2026-9082) within its Database Abstraction API. The flaw specifically affects installations using the PostgreSQL database backend, allowing unauthenticated attackers to execute arbitrary SQL commands via crafted array keys in filter parameters.
148 views•5 min read