🟠 CVE-2026-49941 - High (7.5)

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses.

The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to be single IP addresses...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49941/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41518 - High (7.6)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScri...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41518/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41249 - High (8.2)

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out the unverified code from the...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41249/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

GitHub - anthropics/defending-code-reference-harness: Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize


🟠 CVE-2025-71316 - High (7.8)

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that r...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71316/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-41234 - High (7.6)

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines in...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41234/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 EUVD-2025-210067

📊 Score: 7.3/10 (CVSS v3.1)
📦 Product: sqldiff
🏢 Vendor: SQLite
📅 Updated: 2026-06-04

📝 SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in ...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-210067

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-34311

📊 Score: 6.6/10 (CVSS v3.1)
📦 Product: netty-incubator-codec-ohttp
🏢 Vendor: netty
📅 Updated: 2026-06-04

📝 The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.22.Final, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received b...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-34311

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-34312

📊 Score: 5.3/10 (CVSS v3.1)
📦 Product: quic-go
🏢 Vendor: quic-go
📅 Updated: 2026-06-04

📝 quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trail...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-34312

#cybersecurity #infosec #euvd #cve #vulnerability


🚨 EUVD-2026-34313

📊 Score: 7.6/10 (CVSS v3.1)
📦 Product: Froxlor
🏢 Vendor: froxlor
📅 Updated: 2026-06-04

📝 Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT reco...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-34313

#cybersecurity #infosec #euvd #cve #vulnerability
