CVE Monitor
274111 CVEs found
CVE-2026-45352
MEDIUM
29 May 2026
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to 0.43.4, a negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and a process crash. The ChunkedDecoder::read_payload function in cpp-httplib (httplib.h) parses the chunk-size field of HTTP chunked transfer encoding using std::strtoul(). Per the C standard (§7.22.1.4), strtoul silently accepts a leading minus sign and performs unsigned wrap-around: strtoul("-2", …, 16) returns ULONG_MAX − 1 (0xFFFFFFFFFFFFFFFE). The library's only guard (line 12833) rejects ULONG_MAX (the result of "-1"), but any other negative value such as "-2" passes validation. The resulting near-maximum value is stored in chunk_remaining and controls how many bytes the server's read loop consumes from the network. This vulnerability is fixed in 0.43.4.
CVE-2026-45324
LOW
29 May 2026
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due to incorrectly declared pointer ownership. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.
CVE-2026-45613
LOW
29 May 2026
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
CVE-2026-47266
HIGH
29 May 2026
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.
CVE-2026-45697
CRITICAL
29 May 2026
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site (depending on template/sandbox behavior). This vulnerability is fixed in 2.2.20 and 3.1.24.
CVE-2026-34127
MEDIUM
29 May 2026
A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitization of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator's browser when the affected interface is viewed. Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.
CVE-2026-42500
N/A
29 May 2026
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
CVE-2026-48555
MEDIUM
29 May 2026
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.
CVE-2026-4387
LOW
29 May 2026
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\<username>\.sdm\state.kv. The file is protected only by default user-level NTFS permissions. Exploitation requires local read access to the affected user's profile directory and additional deployment and execution conditions on the target host. The condition was reported through coordinated disclosure by Hope Walker (SpecterOps).
CVE-2026-49386
MEDIUM
29 May 2026
In JetBrains YouTrack before 2026.1.13570, improper access control allowed enumeration of restricted issues and articles on Planning Canvas.
CVE-2026-49385
MEDIUM
29 May 2026
In JetBrains YouTrack before 2026.1.13570, improper access control allowed low-privileged users to modify service accounts.
CVE-2026-49384
MEDIUM
29 May 2026
In JetBrains PyCharm before 2025.3.4, stored XSS in Jupyter notebook Markdown cells was possible.
CVE-2026-49383
LOW
29 May 2026
In JetBrains IntelliJ IDEA before 2026.1, XXE in the UI Designer form parser was possible.
CVE-2026-49382
MEDIUM
29 May 2026
In JetBrains IntelliJ IDEA before 2026.1, code execution was possible via template injection in the Copyright plugin.
CVE-2026-49381
LOW
29 May 2026
In JetBrains TeamCity before 2026.1, stored XSS on the SAML login page was possible.
CVE-2026-49380
LOW
29 May 2026
In JetBrains TeamCity before 2026.1, an open redirect in the SAML plugin was possible.
CVE-2026-49379
MEDIUM
29 May 2026
In JetBrains TeamCity before 2026.1, credentials could be exposed in thread names.
CVE-2026-49378
MEDIUM
29 May 2026
In JetBrains TeamCity before 2026.1, credential parameters were exposed via parameter autocompletion.
CVE-2026-49377
MEDIUM
29 May 2026
In JetBrains TeamCity before 2025.11.2, sensitive data could be exposed via default agent parameters.
CVE-2026-49376
MEDIUM
29 May 2026
In JetBrains TeamCity before 2026.1, username validation in the SAML plugin was insufficient.
CVE-2026-49375
MEDIUM
29 May 2026
In JetBrains TeamCity before 2026.1 and 2025.11.5, reflected XSS was possible on the repository download page.
CVE-2026-49374
HIGH
29 May 2026
In JetBrains TeamCity before 2026.1, improper permission checks exposed build configuration parameters.
CVE-2026-49373
HIGH
29 May 2026
In JetBrains TeamCity before 2026.1, remote code execution was possible via Perforce connection settings.
CVE-2026-49372
HIGH
29 May 2026
In JetBrains TeamCity before 2026.1 and 2025.11.5, unauthenticated SSRF via build status was possible.
CVE-2026-49371
HIGH
29 May 2026
In JetBrains TeamCity before 2026.1.1, reflected XSS in the keyword filter was possible.