How fuzzing F3D’s 3D file parser with a dictionary-based libFuzzer harness found four memory corruption vulnerabilities in VTK’s GLTF document loader - two use-after-frees, a heap buffer overflow, and a buffer overread.

Next.js middleware authentication bypass (CVE-2025-29927), LFI for credential extraction, and Terraform provider override for root.