Published CVEs

11 vulnerabilities responsibly disclosed by our research team. Real findings, real impact.

11

CVEs

5

Products

11

Via Daylight Engine

OpenSSH

1
CVE-2026-35388lowDaylight Engine

CWE-420 — ControlMaster ask mux-proxy confirmation bypass (fixed in OpenSSH 10.3p1)

Sole discovery

Samba

1
CVE-2026-3012highDaylight Engine

GP cert auto-enrollment plain-HTTP root-CA injection (all Samba >= 4.16)

Additional reporter (w/ DREAM Team)

libheif

1
CVE-2026-49271mediumDaylight Engine

Integer-overflow range-check bypass leads to OOB read in HEIF decoder (ships in KDE/Qt/ImageMagick)

Sole reporter

netatalk

4
CVE-2026-49387highDaylight Engine

Unauthenticated Spotlight-RPC heap OOB read via unbounded element count in sl_unpack_ints

Sole reporter

CVE-2026-49388highDaylight Engine

Unauthenticated Spotlight-RPC heap OOB read via unbounded toc_index in sl_unpack_loop

Sole reporter

CVE-2026-49389lowDaylight Engine

afp_catsearch in-arena heap over-read

Sole reporter

CVE-2026-49390lowDaylight Engine

Missing range validation on server quantum config leads to DoS

Sole reporter

stable-diffusion.cpp

4
CVE-2026-47747highDaylight Engine

BINUNICODE heap overflow in .ckpt pickle parser

Sole reporter

CVE-2026-47748mediumDaylight Engine

Out-of-bounds reads in pickle parser

Sole reporter

CVE-2026-47749highDaylight Engine

SHORT_BINUNICODE heap overflow

Sole reporter

CVE-2026-47750highDaylight Engine

GLOBAL opcode heap overflow

Sole reporter

These CVEs were discovered through our security research program. The same techniques and tools power the scans we run for our clients.

Get your free report