## Summary When an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping `CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and r...
A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...
A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to ca...
A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a...
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially...
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to...
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/adm...
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
