Aggregator

CVE-2026-35186 | bytecodealliance wasmtime up to 36.0.6/42.0.1/44.0.0 memory allocation (GHSA-f984-pcp8-v2p7)

VulDB Recent Entries
2 months 1 week ago
A vulnerability was found in bytecodealliance wasmtime up to 36.0.6/42.0.1/44.0.0 and classified as problematic. Affected by this issue is some unknown functionality. Such manipulation leads to uncontrolled memory allocation. This vulnerability is traded as CVE-2026-35186. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-24880 | Apache Tomcat up to 11.0.18 HTTP Request request smuggling

VulDB Recent Entries
2 months 1 week ago
A vulnerability has been found in Apache Tomcat up to 11.0.18 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. This manipulation causes http request smuggling. This vulnerability appears as CVE-2026-24880. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2026-29146 | Apache Tomcat up to 7.0.109/8.5.100/9.0.115/10.1.52/11.0.18 EncryptInterceptor reliance on obfuscation or encryption of security-relevant inputs without integrity checking

VulDB Recent Entries
2 months 1 week ago
A vulnerability, which was classified as problematic, was found in Apache Tomcat up to 7.0.109/8.5.100/9.0.115/10.1.52/11.0.18. Affected is an unknown function of the component EncryptInterceptor. The manipulation results in reliance on obfuscation or encryption of security-relevant inputs without integrity checking. This vulnerability is reported as CVE-2026-29146. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2026-34971 | bytecodealliance wasmtime up to 36.0.6/42.0.1/44.0.0 WebAssembly Config::wasm_memory64 out-of-bounds (GHSA-jhxm-h53p-jm7w)

VulDB Recent Entries
2 months 1 week ago
A vulnerability, which was classified as problematic, has been found in bytecodealliance wasmtime up to 36.0.6/42.0.1/44.0.0. This impacts the function Config::wasm_memory64 of the component WebAssembly Module. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-34971. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-35207 | linuxdeepin dde-control-center/deepin-deepinid-plugin prior 5.9.9/6.1.80 Deepinid Cloud Service certificate validation (GHSA-jf2h-4vqc-3jgc)

VulDB Recent Entries
2 months 1 week ago
A vulnerability classified as critical was found in linuxdeepin dde-control-center and deepin-deepinid-plugin. This affects an unknown function of the component Deepinid Cloud Service. Executing a manipulation can lead to improper certificate validation. This vulnerability is registered as CVE-2026-35207. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-34942 | bytecodealliance wasmtime up to 24.0.6/36.0.6/42.0.1/44.0.0 array index (GHSA-jxhv-7h78-9775)

VulDB Recent Entries
2 months 1 week ago
A vulnerability classified as problematic has been found in bytecodealliance wasmtime up to 24.0.6/36.0.6/42.0.1/44.0.0. The impacted element is an unknown function. Performing a manipulation results in improper validation of array index. This vulnerability is cataloged as CVE-2026-34942. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-34941 | bytecodealliance wasmtime up to 24.0.6/36.0.6/42.0.1/44.0.0 out-of-bounds (GHSA-hx6p-xpx3-jvvv)

VulDB Recent Entries
2 months 1 week ago
A vulnerability described as problematic has been identified in bytecodealliance wasmtime up to 24.0.6/36.0.6/42.0.1/44.0.0. The affected element is an unknown function. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2026-34941. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-39911 | hashgraph guardian up to 3.5.0 Environment Variable exposure of resource

VulDB Recent Entries
2 months 1 week ago
A vulnerability marked as critical has been reported in hashgraph guardian up to 3.5.0. Impacted is an unknown function of the component Environment Variable Handler. This manipulation causes exposure of resource. This vulnerability is tracked as CVE-2026-39911. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2026-39315 | unjs unhead up to 2.1.12 safe.ts useHeadSafe incomplete blacklist (GHSA-95h2-gj7x-gx9w)

VulDB Recent Entries
2 months 1 week ago
A vulnerability labeled as critical has been found in unjs unhead up to 2.1.12. This issue affects the function useHeadSafe of the file packages/unhead/src/plugins/safe.ts. The manipulation results in incomplete blacklist. This vulnerability is identified as CVE-2026-39315. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-5329 | Rapid7 Velociraptor up to 0.74.6/0.75.6/0.76.1 Client Monitoring Message handler input validation

VulDB Recent Entries
2 months 1 week ago
A vulnerability identified as critical has been detected in Rapid7 Velociraptor up to 0.74.6/0.75.6/0.76.1. This vulnerability affects unknown code of the component Client Monitoring Message handler. The manipulation leads to improper input validation. This vulnerability is referenced as CVE-2026-5329. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

Malicious PDF reveals active Adobe Reader zero-day in the wild

Security Affairs
2 months 1 week ago
Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver a sophisticated PDF exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious file and warned the community. On March 26, […]
Pierluigi Paganini

[un]prompted 2026 – Zeal Of The Convert: Taming Shai-Hulud With AI

Security Boulevard
2 months 1 week ago

Author, Creator & Presenter: Rami McCarthy, Principal Security Researcher At Wiz

Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.

Permalink

The post [un]prompted 2026 – Zeal Of The Convert: Taming Shai-Hulud With AI appeared first on Security Boulevard.

Marc Handelman

Managed ad