24h | 7d | 30d

CVE-2026-41197

Overview

  • noir-lang
  • noir
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`. Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays. The `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`. For the outer array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for nested arrays, `allocate_foreign_call_result_array()` contains a bug. The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Version 1.0.0-beta.19 fixes this issue.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-6299

Overview

  • Google
  • Chrome
15 Apr 2026
Published
16 Apr 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
【脆弱性情報】 CVE-2026-6299 chromeの脆弱性について Google Chrome の 147.0.7727.101 より前のバージョンにおいて、Prerender に解放後使用の脆弱性が存在します。細工された HTML ページを介して、遠隔の攻撃者が任意のコードを実行できる可能性があります。
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-34415

Overview

  • thexerteproject
  • xerteonlinetoolkits
22 Apr 2026
Published
22 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-40739

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 2 Posts
Last activity: 12 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-40741

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-40740

Overview

  • Siemens
  • Solid Edge SE2025
08 Jul 2025
Published
08 Jul 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
datatofu @drmorrisj

Adobe’s 95% VaR is driven by CVE-2025-40739 and CVE-2025-40740. These are CWE-125 (Out-of-bounds Read) and CWE-121 (Stack-based Buffer Overflow) flaws. In a modern stack, these should be legacy ghosts.

Instead, they remain the primary drivers of execution mass. When combined with the P5 Execution vector of 1.44, it reveals that the Adobe consumer is still vulnerable to the most fundamental classes of memory corruption.

Artifacts:
1/2

  • 0
  • 0
  • 0
  • 12h ago

CVE-2023-20198

Overview

  • Cisco
  • Cisco IOS XE Software
16 Oct 2023
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
94.05%
KEV

Description

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Talos~ Phishing reemerges as the top initial access vector, with AI tools and valid accounts driving attacks against public admin and healthcare. - IOCs: CVE-2025-20393, CVE-2023-20198, MeowBackConn - #Phishing #Ransomware #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-20393

Overview

  • Cisco
  • Cisco Secure Email
17 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
6.80%
KEV

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with&nbsp;root privileges.

Statistics

  • 1 Post
Last activity: 22 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Talos~ Phishing reemerges as the top initial access vector, with AI tools and valid accounts driving attacks against public admin and healthcare. - IOCs: CVE-2025-20393, CVE-2023-20198, MeowBackConn - #Phishing #Ransomware #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-6784

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Statistics

  • 1 Post
  • 7 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 6
  • 0
  • 12h ago

CVE-2026-6786

Overview

  • Mozilla
  • Firefox
21 Apr 2026
Published
22 Apr 2026
Updated
CVSS
Pending
EPSS
0.05%
KEV

Description

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Statistics

  • 1 Post
  • 7 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Dan Goodin @dangoodin

@paco

I just asked Mozilla about this. Someone responded that internally found bugs like the 271 go into “roll-up” advisories with, each rollup providing a link to the bug list covered.

The 3 rollups are:

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

mozilla.org/en-US/security/adv

When you look at these rollups they say that "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

With no way of knowing how many vulnerabilities were truly severe and exploitable, I think Mozilla, like others gushing ab out LLM-assisted vuln finding, is denying us the data to assess the true value of Mythos.

  • 1
  • 6
  • 0
  • 12h ago
Showing 31 to 40 of 47 CVEs