CVE-2026-34197 is a critical remote code execution vulnerability in Apache ActiveMQ Classic affecting versions prior to 5.19.4 and the 6.x branch before 6.2.3. Attackers exploit the Jolokia JMX-HTTP bridge to force the BrokerService MBean to load a malicious Spring XML configuration file, leading to arbitrary code execution on the broker's JVM.
OpenClaw versions prior to 2026.4.15 contain a critical path traversal and security containment bypass vulnerability. The gateway fails to enforce local filesystem boundaries when processing tool-result media payloads, enabling malicious plugins to disclose arbitrary files or leak Windows NTLM credentials via outbound Server Message Block (SMB) requests.
OpenClaw versions prior to 2026.4.14 contain an improper path limitation vulnerability in the QMD memory management component. The memory_get tool allows authenticated actors to bypass intended intra-workspace access controls and read arbitrary Markdown files stored within the application workspace.
A critical command injection vulnerability in the elFinder web file manager allows unauthenticated remote attackers to execute arbitrary system commands. This flaw occurs when elFinder is configured to use the ImageMagick CLI driver, due to improper sanitization of the background color parameter during image resize operations.
Flowise versions up to and including 3.0.13 are vulnerable to a critical remote code execution (RCE) flaw in the Airtable Agent component. The vulnerability arises from improper validation of dynamic Python code executed via the Pandas library, allowing an unauthenticated attacker to execute arbitrary operating system commands.
The Zio library for .NET contains a path confinement bypass vulnerability allowing attackers to escape the SubFileSystem restricted directory structure. An attacker can use trailing slashes and traversal segments to read and write files in the parent filesystem.
An argument injection vulnerability exists in PHPUnit's JobRunner component due to improper neutralization of metacharacters in PHP INI configuration values. This flaw allows an attacker to inject arbitrary INI directives during process forking, potentially leading to remote code execution within the context of continuous integration environments or testing workers.
Nhost is vulnerable to a critical Improper Authentication flaw (CWE-287) that permits full account takeover. The vulnerability exists in the OAuth authentication flow, where multiple provider adapters fail to enforce email verification checks before automatically linking incoming external identities to existing local accounts.
An authenticated SQL Injection vulnerability exists in the Bazar module of YesWiki. The flaw allows authenticated attackers to execute arbitrary SQL commands via the `id_fiche` parameter, potentially resulting in full database compromise.
The Amazon EFS CSI Driver contains an argument injection vulnerability (CWE-88) in versions prior to v3.0.1. Unsanitized values in the volumeHandle and mounttargetip fields allow authenticated users with PersistentVolume creation permissions to inject arbitrary mount options.
A high-severity SQL injection vulnerability in Dagster's database I/O manager integrations allows users with dynamic partition creation privileges to execute arbitrary SQL commands. This flaw affects the DuckDB, Snowflake, BigQuery, and DeltaLake integrations due to improper sanitization of dynamic partition keys.
A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the `fileSystemHandler.prefixed()` method, and its impact can extend to remote code execution if critical system files are overwritten. Exploitation requires authentication unless the target server is explicitly configured to run without it.