{{#ev:}} or {{#evl:}} parser functions. The unsanitized service name is reflected into an error message that is rendered as raw HTML, executing in the wiki origin for every visitor to the affected page. No public exploit identified at time of analysis beyond the advisory's own PoC, but working PoC code is published in the GitHub Security Advisory GHSA-c29q-5xm7-5p62.
Prototype pollution in the npm package flat-to-nested (versions <= 1.1.1) lets attackers who control input records pollute Object.prototype by supplying a record with parent set to the string '__proto__'. The convert() function uses plain objects as lookup tables and writes attacker-controlled data through the prototype chain via initPush(), affecting any application that feeds untrusted flat records (REST input, DB rows, user-supplied data) into the library. No CISA KEV listing and no public exploit identified at time of analysis beyond the proof-of-concept embedded in the GitHub Security Advisory.
Denial-of-service in urllib3 2.6.3 allows a malicious HTTP server to exhaust client memory via a Brotli decompression bomb that bypasses the streaming API's max_length safeguard added in 2.6.0 (CVE-2025-66471). Any Python application using urllib3 or requests with preload_content=False to stream Brotli-encoded responses from untrusted origins is exposed. No public exploit identified at time of analysis, though an upstream commit and GHSA-mf9v-mfxr-j63j confirm the regression.
Authenticated remote code execution in gin-vue-admin 2.9.1 lets attackers with access to the code-generation and MCP management features inject arbitrary Go source via POST /autoCode/addFunc and trigger a rebuild/restart through POST /autoCode/mcpStart, yielding OS command execution as the application service account. No public exploit identified at time of analysis, and as of publication a patched version is not confirmed; the upstream GHSA-22cv-9jv2-6m62 advisory only documents allowlist-based workarounds.
Integrity and availability loss in Statamic CMS versions prior to 5.73.23 and 6.20.0 allows remote attackers to destroy content and assets by manipulating sort parameters that flow into in-memory collection sorting. This is an incomplete-fix follow-up to CVE-2026-41175 (CWE-470, unsafe reflection / method invocation), where the original patch covered the query builder but not the in-memory sort path. No public exploit identified at time of analysis and not in CISA KEV; exploitation requires a non-default template configuration that pipes visitor input into a tag's sort parameter.
Authentication bypass in CoreWCF (SAML 1.1 federation) allows remote attackers to be authenticated as the subject of a signed SAML assertion without proving holder-of-key possession or without a standard SubjectConfirmation method being enforced. Affects CoreWCF.Primitives versions before 1.8.1 and 1.9.0 through 1.9.1 when services consume SAML 1.1 tokens via WS2007FederationHttpBinding, WSFederationHttpBinding, or custom IssuedSecurityTokenParameters bindings. No public exploit identified at time of analysis, but the bypass directly defeats per-method authorization policies that federated services rely on.
Authenticated principal impersonation in CoreWCF (versions >=1.9.0, <1.9.1) occurs because the SPNEGO SecurityContextToken proof key returned in the RequestSecurityTokenResponse (RSTR) is wrapped without confidentiality protection, allowing any on-path observer to recover it. An attacker who captures the unprotected handshake can impersonate the authenticated Windows principal for the SCT lifetime (~10 hours) and decrypt or forge subsequent WS-SecureConversation traffic. No public exploit identified at time of analysis, but the vendor-confirmed advisory (GHSA-2288-8h3r-cqgg) and CVSS 7.4 indicate a meaningful confidentiality/integrity exposure for affected .NET WCF replacement deployments.
SAML token signature bypass in CoreWCF (versions <1.8.1 and 1.9.0) allows remote attackers to forge authenticated SAML assertions when the service validates tokens via a non-X.509 signing method. The SamlSerializer silently skips the final SignatureValue verification step, enabling assertion tampering and authentication bypass against WS-Trust holder-of-key configurations using symmetric proof keys. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rpj7-hr7h-w6p9) confirms the issue and patches are available.
Authentication bypass via XML Signature Wrapping in CoreWCF allows attackers who capture a single signed SOAP envelope to replay arbitrary operations as the victim principal for the lifetime of the signing key. The flaw affects CoreWCF.Primitives versions below 1.8.1 and the 1.9.0 line below 1.9.1, defeating the DetectReplays mitigation because the attacker forges a fresh wsse:Security timestamp rather than reusing the original. No public exploit identified at time of analysis, but the vendor advisory (GHSA-gqv6-pwcg-87r8) provides sufficient technical detail to reproduce.
Heap out-of-bounds write in QEMU's virtio-snd paravirtualized sound device allows a malicious guest to corrupt host memory by sending oversized audio input that the `virtio_snd_pcm_in_cb` callback fails to size-check against the iov buffer. The flaw represents an incomplete fix for CVE-2024-7730 and affects hypervisor hosts exposing virtio-snd to untrusted guests. No public exploit identified at time of analysis, but the high CIA impact (C:H/I:H/A:H) and guest-to-host boundary crossing make this a meaningful VM escape candidate.
{% case %}` tag that has no `{% when %}`, `{% else %}`, or closing `{% endcase %}`. Because the loop occurs at parse time, any application that renders untrusted or user-supplied Liquid templates can be frozen with a payload as small as `{% case x %}`. It is a pure availability issue (CWE-835) with no confidentiality or integrity impact; not listed in CISA KEV and no evidence of active exploitation, though the trivial trigger is documented in the vendor advisory.
Remote code execution in libaom (reference AV1 codec) is possible when services use the SVC encoder with attacker-supplied frames, allowing crafted pixel data to overlap encoder layer context structures and hijack the cyclic refresh map pointer. The flaw chains a heap out-of-bounds write (CWE-787) with a crash-oracle ASLR bypass to redirect control flow in fork-based video processing services. No public exploit identified at time of analysis, but the issue is tracked under Red Hat and Chromium security trackers and an upstream fix commit has landed in aomedia.
Authorization bypass in jupyterlab-git 0.53.0 and earlier allows authenticated JupyterLab users to read admin-excluded git directories on case-insensitive filesystems (macOS APFS, Windows NTFS) by altering the case of URL path segments. The `GitHandler.prepare()` check uses `fnmatch.fnmatchcase()`, which is unconditionally case-sensitive, while the underlying filesystem resolves case-varied paths to the same location. Publicly available exploit code exists (PoC published with the GHSA advisory), but no public exploit identified in active exploitation feeds.
Authorization bypass in Mercator information system mapping application prior to version 2025.05.19 allows any authenticated user - including the read-only Auditor role - to query arbitrary Eloquent models via the unprotected `/admin/queries/execute` endpoint. The flaw permits enumeration of the `User` model and even allows the supposedly `$hidden` `password` column to be probed via `LIKE` filter predicates, enabling blind extraction of password hashes. No public exploit identified at time of analysis, but the vendor advisory (GHSA-q3r8-3h7c-96w3) confirms the issue and ships a fix.
Arbitrary address write in libaom, the reference AV1 video codec implementation, allows remote attackers to corrupt memory by supplying crafted pixel values to an encoder that has Scalable Video Coding (SVC) enabled, leading to denial of service or potential code execution. The flaw stems from a missing bounds check in the SVC layer ID control function that lets pixel data inject an attacker-controlled pointer into the cyclic refresh map, after which ~1,200 bytes are written deterministically to the chosen address. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authenticated path traversal in gonic music streaming server allows any Subsonic user to read or delete other users' playlists and probe arbitrary host file paths by smuggling `..` segments into the playlist `id` parameter. The flaw bypasses the ownership check introduced in commit 6dd71e6, which derived `playlist.UserID` from the first path segment of the attacker-controlled ID without containing the resolved file path. No public exploit identified at time of analysis, but a proof-of-concept test case is embedded in the upstream patch.
Denial of service in NI grpc-device 2.17.0 and earlier allows an authenticated remote attacker to crash or destabilize the gRPC server by sending a crafted BeginSidebandStream message containing an out-of-range enum value. The unchecked cast triggers undefined behavior in the server process, with no public exploit identified at time of analysis. The flaw is reported by the vendor and tracked under GHSA-prfr-q8h3-mqxv.
Out-of-bounds heap read in libaom's SVC layer ID control function allows remote attackers to leak approximately 40,728 bytes of heap memory or crash AV1 encoder processes by supplying a spatial_layer_id value exceeding the configured number of scalable video coding layers. The flaw affects network-facing services that pass attacker-influenced SVC encoder parameters into the reference AV1 codec, enabling information disclosure or denial of service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Heap buffer overflow in libde265 prior to version 1.1.0 allows remote attackers to corrupt heap memory and likely achieve code execution by tricking a user into processing a crafted H.265 video stream. The flaw stems from a 32-bit signed integer overflow in plane allocation sizing that wraps to ~1 KB, after which fill_image() writes the true ~4 GB plane content into the undersized buffer. No public exploit identified at time of analysis, but the upstream commit (8a1b5cf) and GHSA-vv8h-932h-7r86 publicly document the exact overflow location.
Out-of-bounds write in libde265 prior to version 1.0.20 allows remote attackers to corrupt memory by tricking a user into processing a maliciously crafted H.265 bitstream. The flaw resides in the short-term reference picture set handling and can lead to denial of service or potential code execution in any application that links libde265 for HEVC decoding. No public exploit identified at time of analysis, though the upstream patch and commit-level root-cause disclosure provide a clear roadmap for exploit development.
Broken authorization in gonic music streaming server prior to version 0.21.0 allows any authenticated user to delete or read other users' playlists via the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view. Because playlist IDs are base64url-encoded paths containing a small integer user ID and a guessable filename, low-privileged users can enumerate IDs to wipe an administrator's curated playlists or exfiltrate the contents of any private playlist. No public exploit identified at time of analysis, and the issue is patched in commit 6dd71e6 included in version 0.21.0.
Cross-tenant data exposure in Capgo before 12.128.2 lets an authenticated org-scoped read API key reach other tenants' PostgREST endpoints and pull HMAC webhook signing secrets plus delivery logs. Disclosed by VulnCheck with a vendor GitHub Security Advisory (GHSA-hj3h-v877-g5rx); no public exploit identified at time of analysis, and the secrets retrieved enable subsequent forgery of authentic-looking webhook events against victim organizations.
Unauthorized attachment file access in Flexera FlexNet Manager Suite 2025 R1 and R2 allows authenticated low-privileged users to retrieve attachment files belonging to other tenants or users due to insufficient access control enforcement. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list, but the CVSS 4.0 base score of 7.1 reflects meaningful confidentiality impact over the network with low privileges required. Organizations using FNMS for software asset management and license compliance should review the Flexera Community advisory and apply vendor guidance.
Authentication bypass in Apache APISIX versions 2.2 through 3.16.0 allows remote attackers to circumvent authentication enforced by the jwt-auth plugin under certain configurations, granting unauthorized access to APIs that should require a valid JWT. The flaw stems from spoofable identity assertions (CWE-290) in the plugin's verification logic, and at time of analysis there is no public exploit identified, but the wide affected version range and gateway role make it operationally significant.
Server-Side Request Forgery and arbitrary JavaScript injection in Craft CMS 4.x (before 4.18) and 5.x (before 5.10) allow remote unauthenticated attackers to poison the Host or X-Forwarded-Host header against the /actions/app/resource-js endpoint, forcing the backend Guzzle client to proxy attacker-controlled content as application/javascript. When the instance sits behind a caching layer, this chains into web cache poisoning, stored XSS in the Control Panel, and 1-click RCE via session-riding the plugin install action. No public exploit identified at time of analysis, though the GitHub Security Advisory (GHSA-c55v-343g-5xff) provides detailed exploitation mechanics.
Capgo's Enforce Password Policy feature in versions before 12.128.2 permanently locks Super Admins out of their organization through a backend state management flaw, constituting a targeted denial-of-service against administrative access. When a Super Admin enables the password policy and successfully changes their password to a policy-compliant value, the backend fails to mark the account compliant, trapping the account in an infinite forced-password-reset loop and severing all organization management access. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite and pure availability impact with no confidentiality or integrity consequence.
Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.
LDAP injection in OpenBao versions 0.1.0 through 2.5.4 allows an attacker with a valid low-privileged LDAP account to impersonate arbitrary directory users, including administrators, by supplying filter metacharacters in the username field at login. The root cause is a function selection error in `sdk/helper/ldaputil/client.go`: `EscapeLDAPValue()` (RFC 4514, DN escaping) is used in LDAP filter construction instead of `ldap.EscapeFilter()` (RFC 4515), leaving characters `*`, `(`, `)`, `\`, and NUL unescaped and injectable. Publicly available exploit code exists in the vendor advisory; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.
Token exfiltration in dbt-mcp's embedded OAuth helper server (versions before 1.20.0) allows any co-located process or DNS-rebinding attacker to retrieve a victim's full dbt Cloud access and refresh tokens via a single unauthenticated HTTP GET request. Developers running dbt-mcp in OAuth mode on any shared or browser-accessible host are affected for the entire lifetime of the OAuth helper process following a completed login flow. No public exploit identified at time of analysis, though the GitHub security advisory (GHSA-jr33-mw75-7j8f) includes a fully functional Docker-based PoC with step-by-step reproduction artifacts, substantially lowering the exploitation barrier.
Persistent denial-of-service in CoreWCF.Kafka allows any attacker with write access to a consumed Kafka topic to permanently halt message processing by publishing a single null-value (tombstone) record. Affected versions span all CoreWCF.Kafka releases below 1.8.1 and the 1.9.0 release prior to 1.9.1. The consume pump exits without recovery on the uncaught exception, meaning the endpoint remains silently dead until the service process is manually restarted - no exploit code or CISA KEV listing exists at time of analysis.
Server-Side Request Forgery in the Bit Integrations WordPress plugin (all versions through 2.8.7) allows unauthenticated attackers to force the web server to issue arbitrary HTTP requests to internal or external locations via the upload_attachment function. Exploitation enables querying and modifying data from internal services reachable by the web server, including metadata services in cloud environments, internal APIs, or private network endpoints. No public exploit is identified at time of analysis, but the attack requires only a default integration configuration, substantially lowering the practical barrier to exploitation.
Path traversal in Kestra's `inputFiles` task mechanism allows remote attackers to write arbitrary files to the worker filesystem when flows forward untrusted webhook or execution data as file names. Affected across four release branches (prior to 1.3.19, 1.2.19, 1.1.19, and 1.0.43), exploitation depends on a specific flow design pattern but requires no authentication if the target webhook is publicly accessible. No public exploit code or active exploitation has been identified at time of analysis, but the CVSS integrity impact is rated High due to the ability to create or overwrite files outside the task working directory.
Silent UTF-8 rewriting in UltraJSON (ujson) versions up to and including 5.12.1 allows input validation bypass and data integrity corruption when the reject_bytes=False encoding option is used. Malformed or truncated byte sequences - including invalid continuation bytes and over-read sequences - are silently transformed into different, syntactically valid Unicode characters rather than triggering an error, meaning data that exits ujson.dumps() differs from data that entered it. This creates a validation bypass window for any application that validates raw bytes before serialization, and no public exploit has been identified at time of analysis, though the flaw is fully described with reproducible examples in the GHSA advisory.
Grafana Tempo and Enterprise Traces (GET) are vulnerable to an authenticated denial-of-service condition triggered by submitting a TraceQL query containing an excessively large exemplars hint value, causing the Tempo service to allocate unbounded memory until an out-of-memory crash occurs. Any authenticated user with query access - even low-privileged - can exploit this to take down the Tempo tracing backend, disrupting observability pipelines for the entire platform. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Out-of-bounds heap read in libheif's uncompressed HEIF decoder allows a remote attacker to crash any application processing crafted HEIF files. Versions prior to 1.22.1 fail to safely validate icef compressed-unit offsets because the addition of unit_offset + unit_size can integer-wrap, bypassing the range check and permitting a C++ vector to be constructed from iterators pointing outside the compressed item buffer. Exploitation requires a user or automated pipeline to open an attacker-supplied HEIF file; no public exploit or CISA KEV listing exists at time of analysis.
Local named pipe interception in CoreWCF.NetNamedPipe allows an authenticated local attacker to hijack WCF inter-process communication by winning a TOCTOU race condition. Affected versions expose a window between GUID publication to shared memory and named pipe creation, during which an attacker can pre-create the pipe and silently intercept or manipulate all NetNamedPipe transport traffic. No public exploit or active exploitation has been identified; fixed versions 1.8.1 and 1.9.1 are available from the vendor.
OpenBao's transit secrets engine crashes the entire server process when an authenticated caller submits a key-creation request combining an asymmetric key type (rsa-*, ecdsa-*, ed25519) with the derived: true parameter. Affected versions confirmed as 2.5.2 and 2.5.4, with earlier versions also likely vulnerable per the GHSA advisory. The server returns no HTTP response, terminates with exit code 2, and the crash propagates to the entire cluster - making this a high-impact availability denial-of-service requiring only a single authenticated API request. Publicly available exploit code exists in the form of a detailed PoC curl command included in the security advisory; no CISA KEV listing is present at time of analysis.
PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 enables server-side request forgery and local file disclosure through its `attachment` option, which passes any URL-shaped value through PHP's `file_get_contents()` without restricting the URL scheme. Applications that expose the `attachment` option to user-controlled input allow an attacker to probe internal HTTP endpoints (including cloud instance metadata services) and read arbitrary local files by supplying schemes such as `file://` or `php://filter/...`, with exfiltrated content embedded directly into the generated PDF output. This is the same vulnerability class patched in KnpLabs/snappy (GHSA-c5fp-p67m-gq56); no public exploit or CISA KEV listing exists at time of analysis.
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.
Arbitrary file read in Royal Addons for Elementor versions 1.7.1058-1.7.1059 allows authenticated attackers with Contributor-level access to retrieve the contents of any file readable by the PHP process - including wp-config.php and its database credentials - via a crafted wpr-data-table widget saved through Elementor's save_builder endpoint. The flaw is a regression: the vulnerable wpr_get_csv_handle() helper was itself introduced in version 1.7.1058 as the remediation for a prior CVE (CVE-2026-6229), meaning the security patch introduced a new, exploitable path. No public exploit has been identified at time of analysis, but the low privilege bar (Contributor) and high-value disclosure target (database credentials) elevate real-world risk on WordPress sites that permit open or low-friction contributor registration.
Server-Side Request Forgery in the Advanced Import WordPress plugin (all versions through 1.4.6) allows authenticated users holding Author-level access or higher to force the web server to issue HTTP requests to arbitrary internal or external URLs via the demo_download_and_unzip() AJAX handler. The critical design flaw is the inconsistent use of wp_remote_get() instead of WordPress's own wp_safe_remote_get() - which the plugin correctly employs elsewhere - meaning no SSRF-aware URL validation is applied to the 'demo_file' POST parameter when 'demo_file_type' is set to 'url'. No public exploit code has been identified at time of analysis, but the scope change in the CVSS vector reflects that successful exploitation escapes the WordPress application boundary and can reach internal network services, including cloud instance metadata endpoints such as AWS IMDSv1.
Stored Cross-Site Scripting in BetterDocs WordPress plugin (versions ≤4.5.3) allows authenticated contributors to inject persistent malicious scripts via the unescaped blockId attribute of the betterdocs/category-slate-layout Gutenberg block. The injected payload executes in the browser of any visitor who loads the compromised page, enabling session hijacking, credential theft, or admin-level privilege escalation against site operators. No public exploit identified at time of analysis, but the contributor-level authentication threshold makes this accessible on any WordPress site permitting open or shared content authorship.
Stored Cross-Site Scripting in the Creavi Appointment Booking Calendar plugin for WordPress (all versions through 1.4.4) allows authenticated attackers holding Author-level access or higher to permanently inject arbitrary JavaScript via unsanitized custom booking field labels. The malicious payload executes in the browser of any user who subsequently visits a page containing the injected booking form, enabling session hijacking, credential harvesting, or malicious redirects against site visitors and administrators alike. No confirmed active exploitation (not in CISA KEV) and no public exploit code has been identified at time of analysis, though a fix commit is available in the WordPress plugin Trac repository.
Heap use-after-free in the Oj Ruby JSON parser (versions prior to 3.17.3) is triggered when an application toggles the symbol_keys option from true to false on a reused Oj::Parser instance. The opt_symbol_keys_set function frees the internal key cache via cache_free but fails to NULL the d->key_cache pointer, so the next parse call dereferences freed memory through cache_intern, potentially leading to memory disclosure, crashes, or controlled corruption. No public exploit identified at time of analysis, and the issue is documented in GitHub Security Advisory GHSA-2cw7-v8ff-p88r.
HMAC authentication replay in Apache APISIX 3.11.0 through 3.16.0 permits remote attackers who have captured a valid hmac-auth signed token to reuse that token indefinitely, entirely bypassing expiry enforcement under certain plugin configurations. The CVSS 4.0 vector (6.3, AT:P) confirms exploitation depends on a specific hmac-auth configuration condition, limiting blanket exposure but posing significant risk to affected deployments where tokens can be intercepted. No public exploit code or CISA KEV listing has been identified at time of analysis; the fix is available in version 3.17.0 per the Apache security advisory.
Stack-based buffer overflow in the Oj Ruby JSON gem (versions prior to 3.17.3) allows a developer-controlled large :indent value passed to Oj.dump to overwrite up to 2 GB of stack memory, crashing the Ruby process. The flaw is reachable only when application code forwards an untrusted or extreme indent value into Oj.dump, and no public exploit identified at time of analysis demonstrates code execution beyond denial of service.
Heap corruption in the Ruby Oj JSON parser (`Oj.load`) is triggered when applications process attacker-controlled JSON strings larger than 2 GB containing an escape sequence, due to an integer overflow in `read_escaped_str` that wraps a 32-bit length to a negative value and is then cast to `size_t`, causing `memcpy` to copy ~2 GB out of bounds. Versions of the `oj` gem prior to 3.17.3 are affected, and no public exploit identified at time of analysis; CVSS and EPSS are not provided.
Use-after-free in the Oj Ruby JSON gem's SAJ parser allows an attacker who can influence parsed JSON content and the SAJ callback handler to crash the Ruby process and potentially corrupt memory. Oj::Parser fails to protect heap-allocated cached object keys of 35 bytes or more from garbage collection, so a GC cycle triggered from inside a hash_end callback frees the key while C code still holds a dangling VALUE pointer. No public exploit identified at time of analysis, but a working reproducer is published in the GHSA advisory.
Use-after-free in the Oj Ruby JSON gem (≤ 3.17.1) crashes the host process when Oj::Parser is configured in :usual mode with a custom array_class or hash_class. Because parser_mark fails to register those VALUEs with the Ruby GC, the class object can be reclaimed and the next parse() dereferences freed memory, producing a segfault. A reproducer is published in the GHSA advisory; there is no public exploit identified for remote use and the issue is not listed in CISA KEV.
Heap corruption in the Oj Ruby JSON parser allows remote attackers to crash or potentially corrupt memory in applications that parse untrusted JSON with `Oj::Parser` in `:usual` mode when the `create_id` option is enabled. A 65,535-byte object key triggers an integer truncation in `form_attr` (ext/oj/usual.c:63) that turns the buffer length into `(size_t)-1`, causing `memcpy` to write `SIZE_MAX` bytes onto a fixed 65,536-byte cache slab. No public exploit identified at time of analysis beyond the maintainer-supplied reproduction script in GHSA-9cv6-qcjw-4grx.