AISLE CVE Discoveries

CVEs our AI-native engine discovered in the world's most audited code, responsibly disclosed to maintainers.

261CVEs Assigned
115High/Critical Severity
67Projects Secured

CVE-2025-11932

wolfSSL
2.3

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder

Nov 21, 2025View details →

CVE-2026-0930

wolfSSH
2.3

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

Apr 20, 2026View details →

CVE-2026-1892

WeKan
2.3

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. Upgrading to version 8.21 mitigates this issue. The name of the patch is cabfeed9a68e21c469bf206d8655941444b9912c. It is suggested to upgrade the affected component.

Feb 4, 2026View details →

CVE-2026-21620

OTP
2.3

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.

Feb 20, 2026View details →

CVE-2026-26228

VLC for Android
2.3

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage.

Feb 26, 2026View details →

CVE-2025-11931

wolfSSL
2.1

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.

Nov 21, 2025View details →

CVE-2025-11624

wolfSSH
1.8

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.

Oct 21, 2025View details →

CVE-2026-24050

zulip
1.1

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.

Feb 6, 2026View details →

CVE-2026-8925

curl
N/A

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Jul 3, 2026View details →

CVE-2026-8926

curl
N/A

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://[email protected]/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and there is no match for the specified user.

Jul 3, 2026View details →

CVE-2026-8932

curl
N/A

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS settings related to client certificates were left out from the configuration match checks, making them match too easily. In particular options related to the private key.

Jul 3, 2026View details →

CVE-2026-9080

curl
N/A

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.

Jul 3, 2026View details →

CVE-2026-9547

curl
N/A

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.

Jul 3, 2026View details →

CVE-2026-10536

curl
N/A

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.

Jul 3, 2026View details →
CTA background

Meet the system that responds
faster than you can say CVE.