CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2026-34751 • Severity 9.1 • about 1 hour ago

CVE-2026-34751: Unvalidated Input in Password Recovery Endpoints in Payload CMS

Payload CMS prior to version 3.79.1 contains a critical vulnerability in its password recovery endpoints. This flaw allows an unauthenticated attacker to manipulate password reset links via Host header injection and exploit partial token matches in database adapters, leading to unauthorized account takeover.

Amit Schendel • 3 views • 7 min read
CVE-2026-34603 • Severity 7.1 • about 2 hours ago

CVE-2026-34603: Path Traversal and Link Following in TinaCMS

TinaCMS versions prior to 2.2.2 suffer from a path traversal vulnerability due to improper handling of symbolic links. Attackers with restricted filesystem access can bypass directory boundaries to read, write, or delete arbitrary files on the host system.

Amit Schendel • 2 views • 6 min read
CVE-2026-34604 • Severity 7.1 • about 3 hours ago

CVE-2026-34604: Path Validation Bypass via Symlinks in @tinacms/graphql

The @tinacms/graphql package before version 2.2.2 is vulnerable to a path traversal attack due to improper symlink validation. An authenticated attacker can read, write, or delete files outside the intended content root if a symbolic link exists.

Alon Barad • 2 views • 7 min read
GHSA-5724-X3RH-5QQQ • Severity 7.6 • about 4 hours ago

CVE-2025-46349: Reflected Cross-Site Scripting in YesWiki File Upload

YesWiki versions prior to 4.5.4 contain multiple Reflected Cross-Site Scripting (XSS) vulnerabilities due to improper neutralization of user-supplied input. An unauthenticated attacker can execute arbitrary JavaScript in a victim's session by crafting a malicious URL containing a payload within the file parameter.

Amit Schendel • 4 views • 6 min read
CVE-2026-34605 • Severity 8.6 • about 19 hours ago

CVE-2026-34605: Reflected Cross-Site Scripting via SVG Namespace Bypass in SiYuan

SiYuan personal knowledge management system versions 3.6.0 through 3.6.1 contain a high-severity Reflected Cross-Site Scripting (XSS) vulnerability. The flaw exists in the SVG sanitization logic within the `/api/icon/getDynamicIcon` endpoint, where an attacker can bypass tag blocklists using XML namespace prefixes. Successful exploitation allows unauthenticated attackers to execute arbitrary JavaScript in the context of the victim's session.

Alon Barad • 9 views • 6 min read
CVE-2026-33578 • Severity 4.3 • about 19 hours ago

CVE-2026-33578: Sender Policy Bypass via Incorrect Authorization in OpenClaw Extensions

OpenClaw versions prior to 2026.3.28 contain a vulnerability in the `googlechat` and `zalouser` extensions that allows unauthorized users to bypass sender policy restrictions. A logic error in policy resolution causes route-level group allowlists to silently downgrade to an "open" policy if no specific sender-level allowlist is configured.

Amit Schendel • 6 views • 6 min read
CVE-2026-32734 • Severity 7.1 • about 20 hours ago

CVE-2026-32734: DOM-Based Cross-Site Scripting in baserCMS Tag Creation

baserCMS versions prior to 5.2.3 contain a DOM-based Cross-Site Scripting (XSS) vulnerability within the administrative dashboard's tag creation functionality. The vulnerability stems from the unsafe handling of JSON API responses using jQuery's `.html()` method, allowing attackers to execute arbitrary JavaScript in the context of an administrator's session.

Alon Barad • 7 views • 7 min read
CVE-2026-21861 • Severity 9.1 • about 21 hours ago

CVE-2026-21861: Authenticated OS Command Injection in baserCMS Core Update Feature

baserCMS versions prior to 5.2.3 are vulnerable to an authenticated OS Command Injection flaw in the core update mechanism. An attacker with administrator privileges can execute arbitrary system commands via the `php` POST parameter during the update process. The vulnerability stems from insecure direct concatenation of user-supplied input into the PHP `exec()` function without appropriate sanitization or escaping.

Alon Barad • 9 views • 6 min read
GHSA-39MP-545Q-W789 • Severity 5.4 • about 22 hours ago

GHSA-39MP-545Q-W789: Improper Authorization in OpenClaw /send Command

An authorization bypass vulnerability in the OpenClaw personal AI assistant ecosystem allows non-owner users with generic command permissions to persistently modify session-specific message delivery policies. By issuing the `/send` command, attackers can silence the agent or force unintended message delivery.

Amit Schendel • 11 views • 6 min read
CVE-2026-34377 • Severity 8.4 • 1 day ago

CVE-2026-34377: Consensus Split Vulnerability in Zebra Transaction Verification Cache

A logic error in the Zebra transaction verification cache for Zcash V5 transactions leads to improper signature validation. By exploiting the discrepancy between the mined transaction ID and the full authorization root, a malicious miner can force vulnerable Zebra nodes to accept invalid blocks, resulting in a network consensus split.

Alon Barad • 4 views • 6 min read
GHSA-955R-262C-33JC • Severity 9.4 • 1 day ago

CVE-2026-33634: Supply Chain Compromise and Malicious Code Execution in Telnyx Python SDK

The official Telnyx Python SDK (telnyx) on PyPI was compromised in a supply chain attack by the threat actor TeamPCP. Versions 4.87.1 and 4.87.2 contain embedded malicious code that executes upon import, utilizing WAV audio steganography to deploy secondary payloads for credential harvesting and persistence.

Alon Barad • 5 views • 6 min read
CVE-2026-34385 • Severity 6.2 • 1 day ago

CVE-2026-34385: Second-Order SQL Injection in Fleet Apple MDM Profile Delivery

Fleet open-source device management software prior to version 4.81.0 contains a second-order SQL injection vulnerability in its Apple MDM profile delivery pipeline. An attacker with a valid MDM enrollment certificate can exploit this flaw to execute arbitrary database modifications.

Alon Barad • 5 views • 5 min read

Automated vulnerability intelligence. 1,320+ reports.