Vulnerability intelligence

CVE-2024-32002 is a vulnerability that affects Git, a widely used revision control system. It exists in versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. The vulnerability involves how Git handles submodules, which can be exploited to write files into the `.git/` directory instead of the intended submodule's worktree. This flaw allows an attacker to craft repositories that, when cloned, can execute a malicious hook during the cloning operation. This occurs because the attacker can write a hook script into the `.git/` directory that will run while the clone operation is still in progress, preventing the user from inspecting the code being executed.

CVE-2026-45829 describes a pre-authentication code injection vulnerability found in version 1.0.0 and later of the ChromaDB Python project. This flaw allows an unauthenticated attacker to execute arbitrary code on the server. The vulnerability is exploited by sending a specially crafted malicious model repository with the `trust_remote_code` parameter set to true to the `/api/v2/tenants/{tenant}/databases/{db}/collections` endpoint. This can lead to the server loading and running the attacker's arbitrary code.

CVE-2026-31694 is identified as a buffer overflow vulnerability within the Linux Kernel's Filesystem in Userspace (FUSE) subsystem. The flaw specifically resides in the `fuse_add_dirent_to_cache()` function. This function is responsible for constructing and copying serialized directory entries into a page-cache page. The vulnerability occurs because `fuse_add_dirent_to_cache()` does not adequately validate that a serialized directory entry will fit entirely within a single page-cache page before performing the copy operation. A malicious FUSE server can exploit this by providing an oversized directory entry, such as one with `namelen=4095`, which results in a 4120-byte record. On systems utilizing 4 KiB pages, this oversized record can cause a 24-byte overflow into the adjacent kernel page. This issue impacts various Linux kernel versions, including 7.1-rc1 and 7.1-rc2.

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

Microsoft Defender Denial of Service Vulnerability

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.