CVE Brief Security Intelligence

A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw allows attackers to potentially execute arbitrary code or cause a denial-of-service via a crafted HTML page.

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs

Heap buffer overflow in GPU in Google Chrome prior to 146

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146

Use after free in Web MIDI in Google Chrome on Android prior to 146

Use after free in WebCodecs in Google Chrome prior to 146

Use after free in WebGL in Google Chrome prior to 146

Use after free in Dawn in Google Chrome prior to 146

Use after free in PDF in Google Chrome prior to 146

Use after free in Dawn in Google Chrome prior to 146

Integer overflow in Codecs in Google Chrome prior to 146

Object corruption in V8 in Google Chrome prior to 146

Out of bounds read in WebCodecs in Google Chrome prior to 146

Out of bounds read in WebCodecs in Google Chrome prior to 146

Integer overflow in ANGLE in Google Chrome on Windows prior to 146

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5

JOSE is a Javascript Object Signing and Encryption (JOSE) library

FastGPT, an AI Agent building platform, contains a security vulnerability that could lead to unauthorized access or manipulation of AI agent configurations.

Admidio is an open-source user management solution

WWBN AVideo is an open source video platform

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205

Mbed TLS before 3

WWBN AVideo is an open source video platform

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data

A vulnerability was determined in Tenda CH22 1

Mbed TLS 3

An issue was discovered in Mbed TLS through 3

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default

IBM Verify Identity Access Container 11

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments

IBM Storage Protect Server 8

OpenClaw before 2026

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices

XenForo before 2

XenForo before 2

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths

A flaw was found in libinput

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session

A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session

Payload is a free and open source headless content management system

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10

SiYuan is a personal knowledge management system

Payload is a free and open source headless content management system

OpenClaw before 2026

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5

OpenClaw before 2026

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++

Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs

A flaw was found in Corosync

Improper authentication in the OAuth login functionality in Devolutions Server 2026

Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026

Sereal::Decoder versions from 4

Sereal::Encoder versions from 4

OpenClaw before 2026

OpenClaw before 2026

OpenClaw before 2026

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++

Impact: The fix for CVE-2021-23337 (https://github

Tina is a headless content management system

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory

An integer overflow vulnerability in 'pdf-image

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution

V-SFT versions 6

V-SFT versions 6

V-SFT versions 6

V-SFT versions 6

V-SFT versions 6

Trino is a distributed SQL query engine for big data analytics

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

Payload is a free and open source headless content management system

A directory traversal vulnerability in the agentic-context-engine project versions up to 0

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory

A flaw was found in the gdk-pixbuf library

OpenClaw before 2026

mppx is a TypeScript interface for machine payments protocol

PAGI::Middleware::Session::Store::Cookie versions through 0

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node

SiYuan is a personal knowledge management system

XenForo before 2

A regression in the way hashes were calculated caused rules containing the address range syntax (x

A flaw was found in Corosync