Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- highCVE-2026-49986
CVE-2026-49986: neuro-cortex-memory Untrusted Project Bootstrap Code Execution
The Cortex MCP server treats any project directory open in Claude Code as a trusted source of executable code, letting an attacker drop a Python script into a crafted repository and have it run automa
- highCVE-2022-46290
CVE-2022-46290: Open Babel ORCA Parser Heap Buffer Overflow
A crafted ORCA chemistry file can trick Open Babel into writing past the end of a heap buffer, potentially allowing an attacker to execute arbitrary code on any system that parses untrusted files with
- highCVE-2022-46291
CVE-2022-46291: Open Babel Gaussian Parser Stack Buffer Overflow via translationVectors
A crafted Gaussian output file can write past the end of a 3-element stack array in Open Babel's chemistry file parser, potentially giving an attacker arbitrary code execution.
- highCVE-2026-49857
CVE-2026-49857: auth-fetch-mcp SSRF Protection Bypass via IPv4-mapped IPv6 Loopback
A flaw in auth-fetch-mcp's private-IP blocklist lets an attacker reach loopback and internal services by disguising the target address as an IPv4-mapped IPv6 literal, which Node.js silently rewrites i
- highCVE-2026-49864
CVE-2026-49864: wetty DOM XSS via File-Download Filename
A crafted terminal escape sequence lets anyone who can write output to a wetty session inject HTML into the browser and silently type arbitrary commands into the victim's SSH shell.
- highCVE-2022-46293
CVE-2022-46293: Open Babel MOPAC Output Parser Stack Buffer Overflow
Open Babel's MOPAC output reader lets an attacker overflow a fixed-size stack array by placing more than three translation-vector triplets in a crafted 'FINAL POINT AND DERIVATIVES' block, which can l
- highCVE-2022-46294
CVE-2022-46294: Open Babel MOPAC Cartesian Out-of-Bounds Write
A crafted MOPAC Cartesian file with more than three Tv (translation-vector) entries overflows a fixed-size stack array in Open Babel, enabling arbitrary code execution in any application that parses u
- highCVE-2022-46295
CVE-2022-46295: Open Babel MSI Parser Stack Buffer Overflow
A crafted MSI chemistry file can overflow a fixed-size stack array in Open Babel's MSI parser, letting an attacker write arbitrary data past the end of the buffer and potentially execute code.
- highCVE-2026-46487
CVE-2026-46487: GeoNetwork Elasticsearch Search ACL Bypass via Missing Query Field
An unauthenticated attacker can retrieve restricted metadata records from GeoNetwork by sending a search request that omits the query field, causing the access-control filter injection to be skipped e
- highCVE-2025-10997
CVE-2025-10997: Open Babel Heap Buffer Overflow in ChemKin Parser
A crafted ChemKin reaction file can corrupt heap memory in Open Babel's species-lookup code, crashing any application that parses untrusted chemistry files.
- highCVE-2022-37331
CVE-2022-37331: Open Babel Gaussian Output Parser Stack Buffer Overflow
A crafted Gaussian output file can overflow a fixed-size stack buffer in Open Babel's orientation block parser, letting an attacker write arbitrary data onto the stack and potentially execute code.
- highCVE-2022-42885
CVE-2022-42885: Open Babel GRO Parser Uninitialized Pointer Dereference
A crafted GROMACS .gro file can make Open Babel dereference an uninitialized residue pointer while parsing atom records, crashing the process and potentially enabling arbitrary code execution.