CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Out-of-bounds memory access in the WebGPU implementation of Mesa (fixed in 25.3.6 and 26.0.1) lets an attacker who can submit WebGPU workloads corrupt memory, because a to-be-allocated buffer size is taken from an untrusted party and passed to alloca, producing a stack-based out-of-bounds write (CWE-787). The CVSS 9.8 rating reflects total technical impact, but there is no public exploit identified at time of analysis and EPSS is very low at 0.04%, indicating a serious memory-corruption bug that is not yet being exploited. SUSE and Debian LTS have already shipped fixed packages.