Ghostscript, OpenSC, and CGIF memory corruption flaws
Vulnerability
Summary
Ghostscript, OpenSC, and CGIF were among the open-source libraries affected by a newly disclosed batch of more than 500 previously unknown high-severity flaws. The weaknesses included a missing bounds check, a buffer overflow, and a heap buffer overflow, with some issues already patched by maintainers. The disclosure matters because it expands remediation work across widely used libraries and exposes deployed software to memory-corruption risk.
Related Happenings
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Widespread end-of-life package exposure across major open-source registries
Target Trend
First: 05.05.2026 17:00
Last: 05.05.2026 17:00
Sources 1
About this happening:
End-of-life open source packages remain widespread across **major registries**, leaving **enterprise dependency graphs** exposed to versions with no patch path and limited CVE cov...
OpenNDS zero-day vulnerabilities (multiple vulnerabilities)
Vulnerability
First: 17.04.2026 16:20
Last: 17.04.2026 16:20
Sources 1
About this happening:
Researchers uncovered **four new zero-day vulnerabilities** in **OpenNDS**, creating unknown-risk exposure in a **widely deployed** software component. The flaws were found using...
MCP STDIO arbitrary command execution security flaw
Vulnerability
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Anthropic Claude Code source code leak from NPM release
Data Leak
First: 01.04.2026 03:32
Last: 01.04.2026 03:32
Sources 1
About this happening:
Anthropic **mistakenly exposed** proprietary **Claude Code** source code through a **NPM** release, allowing the codebase to be reconstructed and spread online. The leak involved...
Latest development: 02.04.2026 23:30
Threat actors are using fake GitHub repositories to exploit the Claude Code source code leak and lure users searching for leaked Claude Code into downloading a 7-Zip archive that launches ClaudeCode_x64.exe and drops Vidar and GhostSocks; Zscaler says the bogus repository is SEO-optimized for Google Search queries like “leaked Claude Code.”
Timeline
- 06.02.2026 07:49 (1 article)
Claude Opus 4.6 flaw disclosure
Technical Analysis Update
Anthropic disclosed that Claude Opus 4.6 found more than 500 previously unknown high-severity security flaws in open-source libraries including Ghostscript, OpenSC, and CGIF. It said its Frontier Red Team tested the model in a virtualized environment with debuggers and fuzzers, validated every discovered flaw to avoid hallucinations, and used the results to prioritize severe memory-corruption bugs. Some defects have already been patched by the respective maintainers, including a CGIF heap buffer overflow fixed in version 0.5.1.
Sources
- Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries — thehackernews.com — 06.02.2026 07:49