CVE-2026-3945 | tinyproxy up to 1.11.3 Chunk strtol integer overflow
A vulnerability was found in tinyproxy up to 1.11.3. It has been classified as problematic. This issue affects the function
Read More
Month: March 2026
CVE-2025-15379 | MLflow up to 3.8.1 Model _install_model_dependencies_to_env command injection
A vulnerability was found in MLflow up to 3.8.1. It has been declared as critical. Impacted is the function _install_model_dependencies_to_env
Read More
CVE-2026-5119 | GNOME libsoup HTTP Proxy cleartext transmission (EUVD-2026-17062)
A vulnerability was found in GNOME libsoup. It has been rated as problematic. The affected element is an unknown function
Read More
CVE-2026-2328 | WAGO Device Sphere/Solution Builder up to 1.2.1 improper filtering of special elements (VDE-2026-010)
A vulnerability categorized as critical has been discovered in WAGO Device Sphere and Solution Builder up to 1.2.1. The impacted
Read More
CVE-2026-5122 | osrg GoBGP up to 4.3.0 BGP OPEN Message pkg/packet/bgp/bgp.go DecodeFromBytes domainNameLen access control (ID 3343)
A vulnerability identified as problematic has been detected in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of
Read More
CVE-2026-5123 | osrg GoBGP up to 4.3.0 pkg/packet/bgp/bgp.go DecodeFromBytes data[1] off-by-one (ID 3342)
A vulnerability labeled as problematic has been found in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of
Read More
CVE-2026-5124 | osrg GoBGP up to 4.3.0 BGP Header pkg/packet/bgp/bgp.go BGPHeader.DecodeFromBytes access control (ID 3340)
A vulnerability marked as problematic has been reported in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of
Read More
CVE-2026-5125 | raine consult-llm-mcp up to 2.5.3 src/server.ts child_process.execSync git_diff.base_ref/git_diff.files os command injection
A vulnerability described as critical has been identified in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the
Read More
CVE-2026-5126 | SourceCodester RSS Feed Parser 1.0 file_get_contents server-side request forgery
A vulnerability classified as critical has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the
Read More
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group
Read More