CVE-2026-39246: n/a
A vulnerability in decompress versions before 4.2.2 allows arbitrary symbolic link creation during archive extraction. The vulnerability arises because symlink entries in an archive are processed…
Read the full articleYou might also wanna read
GhostApproval Vulnerability Exploits Symlinks to Bypass AI Coding Agent Workspace Restrictions
GhostApproval lets attackers use symlinks to trick AI coding agents into writing outside a workspace and potentially gaining remote code exe
Critical 7-Zip vulnerability (CVE-8.8) enables code execution via crafted archive files; update to version 26.01 urged
Everyone, get your update hats on immediately; we're at DEFCON 1
Analysis of 7-Zip vulnerabilities: CVE-2025-11001 and CVE-2025-11002
A recently disclosed 7-Zip vulnerability allows malicious actors to execute code remotely through specially crafted ZIP files
Critical LangChain Core Vulnerability (CVE-2025-68664) Allows Serialization Injection Attacks
Cyata discloses LangGrinch (CVE-2025-68664), a critical LangChain Core serialization injection bug where untrusted, LLM-influenced metadata
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link
Proof-of-Concept Exploit Released for Critical NGINX Heap Buffer Overflow (CVE-2026-42945)
exploit for CVE-2026-42945. Contribute to DepthFirstDisclosures/Nginx-Rift development by creating an account on GitHub.

Comments
Sign in to join the conversation.
No comments yet. Be the first.