CVE-2026-33416

Overview

pnggroup
libpng

26 Mar 2026

Published

26 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

Pending

MITRE

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

Statistics

1 Post
2 Interactions

Last activity: 12 hours ago

Fediverse

Harry Sintonen @harrysintonen

#libpng 1.6.56 fixes two high-severity vulnerabilities: CVE-2026-33416 and CVE-2026-33636.

Out of these CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE is particularly serious as arbitrary code execution has been demonstrated. Applications that call png_free_data() to release memory between png_read_info() and png_read_update_info() are affected.

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

The second vulnerability CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon is of more limited concern as only crashes has been demonstrated. More serious impacts have not been ruled out, however.

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

#infosec #cybersecurity #CVE_2026_33416 #CVE_2026_33636

0
2
0
12h ago

CVE-2026-33636

Overview

pnggroup
libpng

26 Mar 2026

Published

26 Mar 2026

Updated

CVSS v3.1

HIGH (7.6)

EPSS

Pending

MITRE

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

Statistics

1 Post
2 Interactions

Last activity: 12 hours ago

Fediverse

Harry Sintonen @harrysintonen

#libpng 1.6.56 fixes two high-severity vulnerabilities: CVE-2026-33416 and CVE-2026-33636.

Out of these CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE is particularly serious as arbitrary code execution has been demonstrated. Applications that call png_free_data() to release memory between png_read_info() and png_read_update_info() are affected.

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

The second vulnerability CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon is of more limited concern as only crashes has been demonstrated. More serious impacts have not been ruled out, however.

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

#infosec #cybersecurity #CVE_2026_33416 #CVE_2026_33636

0
2
0
12h ago

CVE-2023-4966

Overview

Citrix
NetScaler ADC

10 Oct 2023

Published

21 Oct 2025

Updated

CVSS v3.1

CRITICAL (9.4)

EPSS

94.35%

MITRE

KEV

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Statistics

1 Post

Last activity: 20 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

CVE-2026-3055: The CitrixBleed Sequel That Will Unleash Ransomware Chaos—Patch Now or Perish + Video Introduction: History is repeating itself with terrifying precision. Just as the industry struggled to contain the fallout from CitrixBleed (CVE-2023-4966), a new memory overread vulnerability,…

0
0
0
20h ago

CVE-2025-3248

Overview

langflow-ai
langflow

07 Apr 2025

Published

29 Nov 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

92.08%

MITRE

KEV

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

1 Post

Last activity: 15 hours ago

Bluesky

HackerNoon @hackernoon.com

I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. #aisecurity

0
0
0
15h ago

CVE-2026-3910

Overview

Google
Chrome

12 Mar 2026

Published

14 Mar 2026

Updated

CVSS

Pending

EPSS

1.33%

MITRE

KEV

Description

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

1 Post

Last activity: 5 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

How to Pwn Chrome Before Your Coffee Finishes Brewing: A Deep Dive into CVE-2026-3910 and CVE-2026-3909 + Video Introduction: Two critical zero-day vulnerabilities, CVE-2026-3910 and CVE-2026-3909, were recently discovered being exploited in the wild, targeting Google Chrome’s renderer and GPU…

0
0
0
5h ago

CVE-2026-3909

Overview

Google
Chrome

12 Mar 2026

Published

24 Mar 2026

Updated

CVSS

Pending

EPSS

4.44%

MITRE

KEV

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

1 Post

Last activity: 5 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

How to Pwn Chrome Before Your Coffee Finishes Brewing: A Deep Dive into CVE-2026-3910 and CVE-2026-3909 + Video Introduction: Two critical zero-day vulnerabilities, CVE-2026-3910 and CVE-2026-3909, were recently discovered being exploited in the wild, targeting Google Chrome’s renderer and GPU…

0
0
0
5h ago

CVE-2026-22557

Overview

Ubiquiti Inc
UniFi Network Application

19 Mar 2026

Published

19 Mar 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.03%

MITRE

KEV

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Statistics

1 Post
1 Interaction

Last activity: 3 hours ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #CyCognito includes "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)" and "Emerging Threat: Ubiquiti UniFi Network Application Path Traversal (CVE-2026-22557)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

0
1
0
3h ago

CVE-2025-66342

Overview

Canva
Affinity

17 Mar 2026

Published

18 Mar 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

Statistics

1 Post

Last activity: 8 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Talos~ Cisco Talos disclosed 30 patched vulnerabilities in Canva Affinity, TP-Link routers, and HikVision terminals, including several RCE flaws. - IOCs: CVE-2025-66342, CVE-2025-62673, CVE-2025-66176 - #CVE #ThreatIntel #Vulnerabilities

0
0
0
8h ago

CVE-2025-62673

Overview

TP-Link Systems Inc.
Archer AX53 v1.0

03 Feb 2026

Published

16 Mar 2026

Updated

CVSS v4.0

HIGH (8.6)

EPSS

0.01%

MITRE

KEV

Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Statistics

1 Post

Last activity: 8 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Talos~ Cisco Talos disclosed 30 patched vulnerabilities in Canva Affinity, TP-Link routers, and HikVision terminals, including several RCE flaws. - IOCs: CVE-2025-66342, CVE-2025-62673, CVE-2025-66176 - #CVE #ThreatIntel #Vulnerabilities

0
0
0
8h ago

CVE-2025-66176

Overview

Hikvision
DS-K1T331

13 Jan 2026

Published

18 Mar 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.01%

MITRE

KEV

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Statistics

1 Post

Last activity: 8 hours ago

Bluesky

piggo @pigondrugs.bsky.social

~Talos~ Cisco Talos disclosed 30 patched vulnerabilities in Canva Affinity, TP-Link routers, and HikVision terminals, including several RCE flaws. - IOCs: CVE-2025-66342, CVE-2025-62673, CVE-2025-66176 - #CVE #ThreatIntel #Vulnerabilities

0
0
0
8h ago