Threat Feed

March 2026 (30)

critical advisory

Out-of-bounds Read Vulnerability in fabiangreffrath woof (CVE-2026-4750)

CVE-2026-4750 is a critical out-of-bounds read vulnerability affecting fabiangreffrath woof versions before 15.3.0, potentially leading to information disclosure or denial of service.

cve-2026-4750 out-of-bounds read webserver woof
critical advisory

RetroDebugger Out-of-Bounds Read Vulnerability (CVE-2026-4753)

RetroDebugger before v0.64.72 is vulnerable to an out-of-bounds read (CVE-2026-4753), potentially leading to information disclosure or denial of service.

cve-2026-4753 out-of-bounds read retrodebugger
critical advisory

Android-ImageMagick7 Out-of-Bounds Write Vulnerability (CVE-2026-33854)

An unauthenticated, remote attacker can exploit an out-of-bounds write vulnerability (CVE-2026-33854) in MolotovCherry Android-ImageMagick7 versions before 7.1.2-10 by enticing a user to open a malicious image, potentially leading to arbitrary code execution.

cve out-of-bounds write android imagemagick
high advisory

doslib Memory Buffer Overflow Vulnerability (CVE-2026-33851)

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in joncampbell123's doslib before version doslib-20250729, potentially leading to arbitrary code execution.

cve-2026-33851 buffer-overflow doslib
high advisory

Out-of-bounds Write Vulnerability in DualSenseY-v2

CVE-2026-33850 is an out-of-bounds write vulnerability in WujekFoliarz DualSenseY-v2 before version 54, potentially allowing an attacker to execute arbitrary code or cause a denial-of-service by writing data outside the allocated buffer.

cve vulnerability oob-write dualsensey-v2
high advisory

linkingvision rapidvms Improper Memory Buffer Restriction Vulnerability (CVE-2026-33847)

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms before PR#96 could lead to arbitrary code execution.

cve buffer-overflow rapidvms
high advisory

Galaxy Software Services Vitals ESP Missing Authentication Vulnerability (CVE-2026-4640)

Vitals ESP developed by Galaxy Software Services suffers from a missing authentication vulnerability (CVE-2026-4640), enabling unauthenticated remote attackers to execute functions and obtain sensitive information.

cve-2026-4640 missing-authentication vitals-esp
high advisory

Vitals ESP Incorrect Authorization Vulnerability (CVE-2026-4639)

CVE-2026-4639 is an Incorrect Authorization vulnerability in Galaxy Software Services' Vitals ESP, allowing authenticated remote attackers to perform administrative functions and escalate privileges.

incorrect-authorization privilege-escalation web-application
high advisory

D-Link DIR-825/825R OS Command Injection Vulnerability (CVE-2026-4627)

CVE-2026-4627 is an OS command injection vulnerability in the handler_update_system_time function of the libdeuteron_modules.so file in the NTP Service component of D-Link DIR-825 and DIR-825R devices, which can be exploited remotely by authenticated attackers.

command-injection router legacy-device
high advisory

SQL Injection Vulnerability in itsourcecode Online Enrollment System 1.0 (CVE-2026-4632)

CVE-2026-4632 is a SQL Injection vulnerability in itsourcecode Online Enrollment System 1.0, specifically affecting the Parameter Handler component at '/sms/user/index.php?view=add', allowing a remote attacker to inject malicious SQL code by manipulating the 'Name' argument, with a public exploit available.

sql-injection web-application cve-2026-4632
high advisory

SourceCodester Online Admission System 1.0 SQL Injection Vulnerability

A SQL injection vulnerability in SourceCodester Online Admission System 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating the 'program' argument in the /programmes.php file.

sql-injection web-application vulnerability
high advisory

DefaultFuction Jeson-Customer-Relationship-Management-System Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability exists in the DefaultFuction Jeson-Customer-Relationship-Management-System's API Module, specifically affecting the /api/System.php file, allowing remote attackers to manipulate the 'url' argument and potentially access internal resources.

ssrf cve-2026-4623 jeson-crm webserver
critical advisory

Google Chrome FedCM Use-After-Free Vulnerability (CVE-2026-4680)

A use-after-free vulnerability in Google Chrome's FedCM component (CVE-2026-4680) allows a remote attacker to execute arbitrary code within a sandbox by exploiting a crafted HTML page.

CVE-2026-4680 use-after-free chrome fedcm
high advisory

Google Chrome Font Integer Overflow Vulnerability (CVE-2026-4679)

A remote attacker can perform an out-of-bounds memory write on Google Chrome by exploiting an integer overflow in the Fonts component via a crafted HTML page in versions prior to 146.0.7680.165.

cve-2026-4679 chrome integer-overflow memory-corruption
high advisory

Google Chrome Use-After-Free Vulnerability (CVE-2026-4676)

A use-after-free vulnerability (CVE-2026-4676) in Google Chrome before 146.0.7680.165 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

use-after-free sandbox-escape chrome cve-2026-4676
high advisory

Google Chrome WebAudio Out-of-Bounds Read Vulnerability (CVE-2026-4677)

A remote attacker can trigger an out-of-bounds memory read in Google Chrome's WebAudio implementation by crafting a malicious HTML page (CVE-2026-4677), affecting versions prior to 146.0.7680.165.

cve-2026-4677 chrome webaudio out-of-bounds read
high advisory

Google Chrome WebGPU Use-After-Free Vulnerability (CVE-2026-4678)

A use-after-free vulnerability in Google Chrome's WebGPU component (CVE-2026-4678) allows a remote attacker to execute arbitrary code within a sandbox by crafting a malicious HTML page, affecting Chrome versions prior to 146.0.7680.165.

cve-2026-4678 use-after-free chrome webgpu
high advisory

Google Chrome Out-of-Bounds Read Vulnerability (CVE-2026-4674)

A remote attacker can exploit an out-of-bounds read vulnerability (CVE-2026-4674) in Google Chrome versions prior to 146.0.7680.165 to achieve out-of-bounds memory access via a crafted HTML page, impacting confidentiality, integrity, and availability.

cve out-of-bounds read chrome
high advisory

Spring Cloud Config Server Path Traversal Vulnerability (CVE-2026-22739)

A path traversal vulnerability exists in Spring Cloud Config Server versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2, allowing unauthenticated remote attackers to access files outside configured search directories when using the native file system backend.

cve-2026-22739 path-traversal spring-cloud
critical advisory

Contest Gallery WordPress Plugin Authentication Bypass Vulnerability (CVE-2026-4021)

CVE-2026-4021 describes an authentication bypass vulnerability in the Contest Gallery plugin for WordPress, allowing unauthenticated attackers to gain admin access by manipulating the user activation key and using an AJAX login endpoint.

wordpress authentication-bypass plugin-vulnerability cve-2026-4021
high advisory

SourceCodester E-Commerce Site SQL Injection Vulnerability (CVE-2026-4613)

A remote SQL injection vulnerability (CVE-2026-4613) exists in SourceCodester E-Commerce Site 1.0 within the /products.php file due to improper input sanitization of the 'Search' argument, potentially allowing attackers to read or modify sensitive database information.

sql-injection web-application ecommerce cve-2026-4613
high advisory

Go MCP SDK Vulnerable to Cross-Site POST Requests (CVE-2026-33252)

The Go MCP SDK before v1.4.1 is vulnerable to cross-site POST requests due to insufficient origin validation and content type enforcement, potentially leading to arbitrary tool execution on local servers in stateless or sessionless deployments.

cve-2026-33252 cross-site request forgery go-mcp-sdk
high advisory

Salvo Web Framework Path Traversal Vulnerability

Salvo web framework versions 0.39.0 through 0.89.2 are vulnerable to Path Traversal and Access Control Bypass, allowing unauthenticated external attackers to bypass proxy routing constraints and access unintended backend paths.

path-traversal access-control-bypass web-framework
critical advisory

Tekton Pipelines Git Resolver Path Traversal Vulnerability

The Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter, allowing arbitrary file reads from the resolver pod's filesystem, including ServiceAccount tokens.

tekton path-traversal kubernetes cve-2026-33211 cloud
medium advisory

Ruby on Rails Active Storage DoS Vulnerability (CVE-2026-33174)

A denial-of-service vulnerability (CVE-2026-33174) exists in Ruby on Rails Active Storage versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 due to unbounded memory allocation when handling large or unbounded Range headers in proxy delivery mode.

rails active-storage dos cve-2026-33174
critical advisory

Blinko Privilege Escalation via upsertUser Endpoint

An authenticated user can exploit the Blinko upsertUser endpoint to escalate privileges, modify other users' passwords, and achieve account takeover due to missing authentication and verification checks.

privilege-escalation cve-2026-23480 blinko
high advisory

Connect-CMS Cabinet Plugin DOM-based XSS Vulnerability

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Cabinet Plugin list view of Connect-CMS, affecting versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0, which can lead to arbitrary script execution in the victim's browser.

xss connect-cms cabinet-plugin
high threat

TeamPCP Compromise of KICS GitHub Action Supply Chain

TeamPCP conducted a supply chain attack compromising the KICS GitHub Action, impacting users who integrated the compromised version into their CI/CD pipelines.

TeamPCP supply-chain github-actions ci/cd
critical advisory

WWBN AVideo SQL Injection Vulnerability (CVE-2026-33723)

WWBN AVideo platform versions up to 26.0 are vulnerable to SQL injection (CVE-2026-33723), allowing authenticated attackers to inject arbitrary SQL commands via the 'user_id' POST parameter and extract sensitive data such as password hashes, API keys, and encryption salts.

avideo sqli cve-2026-33723 web-application
high advisory

WWBN AVideo Privilege Escalation via Moderator Account

WWBN AVideo platform versions up to 26.0 allow a 'Videos Moderator' to escalate privileges and perform unauthorized video management operations due to inconsistent authorization checks.

avideo privilege-escalation web-application