•about 1 hour ago•CVE-2026-31431
7.8CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG
CVE-2026-31431, colloquially known as "Copy Fail," is a critical logic flaw in the Linux kernel's Cryptographic API (specifically the `algif_aead` module). It allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the read-only page cache of any accessible file on the system. By corrupting the in-memory representation of SUID binaries, an attacker achieves local privilege escalation to the root user and can successfully escape containerized environments.
30 views•7 min read
•about 9 hours ago•CVE-2026-41680
7.5CVE-2026-41680: Denial of Service via Infinite Recursion in marked Lexer
The marked Node.js Markdown parser versions 18.0.0 and 18.0.1 contain a critical vulnerability where a specific 3-byte sequence triggers infinite recursion. This flaw leads to rapid memory exhaustion and application denial of service.
4 views•6 min read
•about 9 hours ago•GHSA-84G5-X8J3-7235
7.5GHSA-84G5-X8J3-7235: DNS Filter Bypass via Off-by-one Error in Netfoil Suffix Trie
Netfoil versions prior to v0.2.1 contain an off-by-one logic error within the custom suffix trie implementation used for domain matching. This flaw allows an attacker to bypass DNS allowlist configurations by prepending arbitrary characters to approved domain names.
5 views•5 min read
•about 11 hours ago•GHSA-VJGJ-42F6-7997
6.0GHSA-vjgj-42f6-7997: Protection Mechanism Failure via Incomplete Seccomp Sandbox in Netfoil
Netfoil versions prior to v0.2.1 suffer from a protection mechanism failure where the optional seccomp sandbox causes the application to crash or fails to apply due to an incomplete system call whitelist. This flaw neutralizes the intended defense-in-depth mechanisms, leaving the application with standard runtime privileges.
5 views•5 min read
•about 13 hours ago•GHSA-GFG9-5357-HV4C
6.5GHSA-GFG9-5357-HV4C: Local File Read via Unsandboxed Audio Embedding in OpenClaw Gateway
The OpenClaw gateway component prior to version 2026.4.15 contains a Local File Read (LFR) vulnerability due to improper restriction of pathnames to authorized directories. The flaw resides in the webchat audio embedding functionality, which fails to restrict local file resolution to a trusted sandbox directory. An attacker who can influence the media URL of an agent reply can extract arbitrary local files that bypass extension and size filters, exposing sensitive data to the web interface.
8 views•7 min read
•about 13 hours ago•GHSA-C28G-VH7M-FM7V
5.5GHSA-C28G-VH7M-FM7V: Improper Authorization and Privilege Escalation in OpenClaw Command Resolution
OpenClaw contains an improper authorization vulnerability where the framework fails to adequately differentiate between channel-level access rights and administrative command ownership. When a wildcard channel configuration is employed without an explicitly defined owner allowlist, the fallback logic incorrectly grants administrative privileges to any user communicating on that channel.
5 views•7 min read
•1 day ago•CVE-2026-40897
8.8CVE-2026-40897: Remote Code Execution via Array Property Modification in mathjs
A critical vulnerability in the mathjs expression parser permits attackers to bypass sandbox restrictions. By exploiting an improperly controlled modification of dynamically-determined object attributes on Array instances, an attacker can leak the Function constructor and achieve unauthenticated remote code execution.
12 views•7 min read
•2 days ago•GHSA-74M3-9QVM-RP9H
8.8GHSA-74M3-9QVM-RP9H: Arbitrary Host Filesystem Access via Symlink Following in zrok WebDAV
A critical vulnerability in the WebDAV drive backend of openziti/zrok allows unauthenticated or authenticated users to escape the designated shared directory. By creating or interacting with symbolic links, an attacker can achieve arbitrary file read and write access on the host system running the zrok process.
9 views•7 min read
•2 days ago•CVE-2026-3008
6.6CVE-2026-3008: Format String Injection in Notepad++ Localization Parser
Notepad++ version 8.9.3 contains a format string injection vulnerability within its localization configuration parser. The application passes an unvalidated string from the nativeLang.xml file directly to the wsprintfW Windows API function. This flaw allows an attacker to cause an application crash or leak memory addresses by supplying a maliciously crafted language file.
96 views•6 min read
•2 days ago•GHSA-WG4G-395P-MQV3
5.3GHSA-WG4G-395P-MQV3: Cleartext Logging of Sensitive Tool-Call Arguments in n8n-mcp
The n8n-mcp npm package prior to version 2.47.3 contains an information disclosure vulnerability when operating in HTTP mode. The server explicitly logs incoming JSON-RPC request bodies, which exposes sensitive tool-call arguments, including API keys and internal data, to application logs in cleartext.
8 views•6 min read
•3 days ago•GHSA-X2QX-6953-8485
8.8GHSA-x2qx-6953-8485: Argument Injection via Insecure Transformation in GitPython
GitPython versions prior to 3.1.44 contain a high-severity vulnerability in the handling of the `multi_options` parameter during repository clone operations. An insecure string transformation bypasses initial input validation, allowing attackers to inject arbitrary arguments into the underlying Git command and achieve remote code execution.
11 views•6 min read
•3 days ago•GHSA-RPM5-65CW-6HJ4
8.8GHSA-RPM5-65CW-6HJ4: Command Injection via Git Options Bypass in GitPython
GitPython versions prior to 3.1.45 are vulnerable to a command injection flaw due to an architectural logic error in how keyword arguments are sanitized. The library attempts to block dangerous Git options like `--upload-pack` but performs this validation before applying Pythonic underscore-to-hyphen normalization. This allows attackers to bypass the blocklist using underscore-formatted arguments, leading to arbitrary command execution when the underlying Git binary is invoked.
11 views•7 min read