New
CVE-2026-9150: Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums: A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory ...
CVE-2026-47782: Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor notification.
CVE-2026-47372: Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts: Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
CVE-2026-40102: Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics: Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndpoint, which checks against an allowlist), causing ORM Field Reference Injecti...
CVE-2026-40094: nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses: nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact ca...
Updated
CVE-2024-0456: Direct Request ('Forced Browsing') in GitLab: An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
CVE-2023-6955: Missing Authorization in GitLab: A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.
CVE-2024-49767: Werkzeug possible resource exhaustion when parsing file data in forms: Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (deni...
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability: Microsoft Defender Denial of Service Vulnerability
CISA Known Exploited Vulnerabilities
CVE-2010-0249 Microsoft Internet Explorer: Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2010-0806 Microsoft Internet Explorer: Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
CVE-2009-1537 Microsoft DirectX: Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
CVE-2026-45498 Microsoft Defender: Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-41091 Microsoft Defender: Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.