MuhammedHussein17/README.md
| Advisory | Project | Vulnerability | Severity | Status |
| --- | --- | --- | --- | --- |
| CVE-2026-50142 · GHSA-jvmp-j3cw-84mh | libheif | Unbounded heap allocation in HEIF sequence parser | High (CVSS 7.5) | ✅ Fixed in 1 hour |
| CVE-2026-53532 · GHSA-2f85-52wj-hc3c | OpenEXR | Unhandled assert abort in HTJ2K decoder via crafted QCD marker — DoS via vendored OpenJPH (CWE-617) | Moderate | ✅ Published; fixed in v3.4.13 |
| CVE pending | LibRaw | Integer overflow in `crxSetupImageData()` → heap-buffer-overflow-write in CRX/CR3 decoder (CWE-190 → CWE-122) | High (CVSS 7.5) | 🔒 Fixed by maintainer (commit 3734f99); CVE pending |
| GHSA-x6m8-gjm4-87c3 | Cacti | IDOR in `reports_form_actions()` — missing ownership check allows unauthorized report manipulation | High (CVSS 8.8) | 🔄 Fix merged, CVE pending |
| GHSA-44c9-hrq8-9r46 | Cacti | Path Traversal via unsanitized `unserialize()` in `package_import.php` — bypasses CVE-2024-25641 | Medium (CVSS 6.6) | 🔄 Fix in progress |
| CVE-2026-9794 | Keycloak | Unauthenticated client ID enumeration via SAML ECP faultstring oracle (CWE-203) | Medium (CVSS 5.3) | ✅ Fixed in 26.6.3 |
| GHSA-v4hc-2928-gmm5 | libarchive | Integer overflow in `atol10()` XAR parser → checksum bypass & DoS (CWE-190) | Medium (CVSS 4.3) | 🔄 Fix merged (PR #3030), CVE pending |
| GHSA-hvq5-gp2g-6rmv | libarchive | Integer truncation in 7zip `numDigests` accumulator → heap OOB read (CWE-190) | Medium | 🔄 Pending triage |
| GHSA-3p4v-475w-5wxv | libarchive | Missing recursion depth guard in ISO9660 Joliet parser → stack overflow DoS (CWE-674) | Medium (CVSS 4.3) | 🔄 Pending triage |
| CVE Request 2040466 | mtr 0.96 | Arbitrary file read as root via `MTR_OPTIONS=-F` under sudo — incomplete fix for CVE-2025-49809 (CWE-73) | Medium (CVSS 5.5) | 🔄 Vendor fix applied, CVE pending |
| Credited in Nmap changelog | Ncat | 5 memory-safety issues in HTTP proxy & Telnet code: double-free in `uri_free()`, UAF in `http_parse_header()`, OOB read in `parse_http_version()`, NULL deref via `Strdup(NULL)`, OOB read + stack info leak in `dotelnet()` — all pre-auth reachable (CWE-415, CWE-416, CWE-125, CWE-476, CWE-200) | Medium | ✅ All fixed by Nmap team (Dan Miller); credited in official changelog |

Pinned

  1. onnxruntime-fuzzing-suite (Public)

    Production-ready libFuzzer harnesses for ONNX Runtime with OSS-Fuzz integration

    C++

  2. libheif-cve-2026-50142 (Public)

    CVE-2026-50142 — Heap allocation vulnerability in libheif HEIF sequence parser