Aggregator

CVE-2026-29964 | HSC Mailinspector 5.3.3-7 Endpoint /tap/tap.php cross site scripting (EUVD-2026-30784)

VulDB Recent Entries
1 month ago
A vulnerability classified as problematic has been found in HSC Mailinspector 5.3.3-7. This issue affects some unknown processing of the file /tap/tap.php of the component Endpoint. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-29964. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2026-45829 | Chroma ChromaDB up to 1.0.0 Model collections code injection (ID 6717)

VulDB Recent Entries
1 month ago
A vulnerability described as critical has been identified in Chroma ChromaDB up to 1.0.0. This vulnerability affects unknown code of the file the /api/v2/tenants/{tenant}/databases/{db}/collections of the component Model Handler. The manipulation results in code injection. This vulnerability was named CVE-2026-45829. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2026-29963 | HSC Mailinspector 5.3.3-7 Normalization /tap/dw.php text path traversal

VulDB Recent Entries
1 month ago
A vulnerability labeled as critical has been found in HSC Mailinspector 5.3.3-7. Affected by this issue is some unknown functionality of the file /tap/dw.php of the component Normalization Handler. Executing a manipulation of the argument text can lead to path traversal. This vulnerability is handled as CVE-2026-29963. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-14177

CVE Trends
1 month ago
Currently trending CVE - Hype Score: 1 - In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via ...

CVE-2025-54957

CVE Trends
1 month ago
Currently trending CVE - Hype Score: 8 - An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length ...

CVE-2026-44578

CVE Trends
1 month ago
Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker ...

AI is drowning software maintainers in junk security reports

Help Net Security
1 month ago

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s security mailing list “almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.” Too many duplicates, and too much AI slop “If you found a bug using … More →

The post AI is drowning software maintainers in junk security reports appeared first on Help Net Security.

Zeljka Zorz

Managed ad