CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 2 hours ago • CVE-2026-28291 • 8.1

CVE-2026-28291: Command Execution via Option-Parsing Bypass in simple-git

CVE-2026-28291 is a high-severity OS command injection vulnerability in the simple-git (git-js) library, resulting from an incomplete remediation of CVE-2022-25860. The vulnerability allows attackers to bypass regex-based security filters using Git's short-option bundling, leading to arbitrary command execution on the host system.

Amit Schendel
about 2 hours ago • CVE-2026-23891 • 9.3

CVE-2026-23891: Critical Stored Cross-Site Scripting (XSS) in Decidim User Profiles

Decidim versions prior to 0.30.5 and 0.31.1 suffer from a critical stored Cross-Site Scripting (XSS) vulnerability. The framework fails to properly sanitize user-provided names and nicknames before rendering them across multiple contexts, including public comments, notifications, and highly privileged administrative audit logs. This allows authenticated attackers with standard participant privileges to execute arbitrary JavaScript in the context of other users, leading to session hijacking and administrative account takeover.

Amit Schendel
about 10 hours ago • CVE-2026-27654 • 8.2

CVE-2026-27654: Heap-based Buffer Overflow in NGINX ngx_http_dav_module via Integer Underflow

CVE-2026-27654 is a critical vulnerability in the NGINX Open Source and NGINX Plus ngx_http_dav_module. An integer underflow in the processing of WebDAV COPY and MOVE requests triggers a heap-based buffer overflow. This flaw enables denial of service via worker process termination and arbitrary file manipulation outside the document root.

Amit Schendel
2 days ago • CVE-2026-40097 • 3.7

CVE-2026-40097: Index Out-of-Bounds Panic in Step CA TPM Attestation

Step CA versions prior to 0.30.0-rc3 contain a vulnerability (CWE-129) where processing a malformed TPM Attestation Key certificate results in a Go runtime panic. This flaw causes a Denial of Service condition when the device-attest-01 ACME challenge is enabled and triggered by an unauthenticated attacker.

Alon Barad
2 days ago • CVE-2026-40109 • 3.1

CVE-2026-40109: Improper Authentication in Flux notification-controller GCR Receiver

The Flux notification-controller prior to version 1.8.3 suffers from improper authentication in its Google Container Registry (GCR) Receiver webhook logic. The controller verified Google OIDC token signatures but failed to validate the identity (email) and audience (aud) claims, allowing unauthorized triggering of resource reconciliations by anyone possessing a valid Google OIDC token and the target webhook URL.

Amit Schendel
2 days ago • GHSA-6V7Q-WJVX-W8WG • 8.1

GHSA-6V7Q-WJVX-W8WG: Arbitrary FTP Command Execution via CRLF Injection in basic-ftp

The basic-ftp npm package prior to version 5.2.2 contains a CRLF injection vulnerability due to incomplete input validation. This flaw allows an attacker who controls credentials or directory inputs to execute arbitrary FTP commands on the target server.

Amit Schendel
2 days ago • GHSA-FFQ7-898W-9JC4 • 6.1

GHSA-FFQ7-898W-9JC4: Stored Cross-Site Scripting via SVG Upload in DotNetNuke

DotNetNuke (DNN) suffers from a high-severity stored Cross-Site Scripting (XSS) vulnerability due to inadequate sanitization of Scalable Vector Graphics (SVG) files during the upload process. Authenticated users with file upload permissions can embed arbitrary JavaScript within SVG payloads, which execute in the security context of the DNN application when viewed by other users, including administrators.

Amit Schendel
2 days ago • CVE-2026-40194 • 3.7

CVE-2026-40194: Observable Timing Discrepancy in phpseclib SSH2 HMAC Verification

CVE-2026-40194 identifies a timing side-channel vulnerability in the phpseclib library's SSH2 implementation. The vulnerability arises from the use of a variable-time string comparison operation during HMAC validation. This theoretical flaw allows an attacker to measure processing time discrepancies to infer information about the expected cryptographic signature, though protocol-level constraints prevent practical remote exploitation.

Amit Schendel
2 days ago • CVE-2026-40242 • 7.2

CVE-2026-40242: Unauthenticated Server-Side Request Forgery in Arcane Template Fetch Mechanism

Arcane, a web-based interface for managing Docker environments, contains a high-severity unauthenticated Server-Side Request Forgery (SSRF) vulnerability. Prior to version 1.17.3, the application exposed the `/api/templates/fetch` endpoint without authentication, allowing remote attackers to force the server to perform outbound HTTP GET requests to arbitrary destinations. The vulnerability exposes internal network services, cloud provider metadata endpoints, and internal application state through error-based side channels and direct reflection of the fetched response.

Alon Barad
2 days ago • GHSA-75HX-XJ24-MQRW • 7.5

GHSA-75HX-XJ24-MQRW: Unauthenticated Access and Information Exposure in n8n-mcp HTTP Transport

The n8n-mcp package prior to version 2.47.6 suffers from missing authentication checks and information disclosure vulnerabilities. Unauthenticated attackers can exploit exposed health endpoints to extract active session identifiers, and subsequently terminate or interact with Model Context Protocol (MCP) sessions.

Amit Schendel
2 days ago • CVE-2026-5412 • 9.9

CVE-2026-5412: Broken Access Control in Juju API Leads to Cloud Credential Leak

CVE-2026-5412 is a critical improper authorization vulnerability within the Canonical Juju API server. Low-privileged authenticated users can bypass authorization controls via the Controller facade to extract plaintext bootstrap cloud credentials, leading to total compromise of the underlying cloud environment.

Alon Barad
2 days ago • CVE-2026-5774 • 6.1

CVE-2026-5774: Race Condition and Denial of Service in Canonical Juju API Server

Canonical Juju is affected by a medium-severity race condition vulnerability (CWE-362) within its API server. The vulnerability allows an authenticated attacker to trigger concurrent memory access violations in the Go runtime, resulting in an unrecoverable fatal panic and Denial of Service (DoS), or to bypass single-use token constraints via an authentication replay attack.

Alon Barad

Automated vulnerability intelligence. 1,479+ reports.