A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the `fileSystemHandler.prefixed()` method, enabling severe impacts including remote code execution if critical system files are overwritten. Exploitation requires authentication unless the target server is explicitly configured to run without any authentication.
Pretalx versions prior to 2026.1.0 contain a template injection vulnerability allowing unauthenticated attackers to embed malformed HTML and Markdown into system-generated emails. By exploiting unsanitized placeholders in the mail generation engine, attackers can spoof trusted communications that pass SPF, DKIM, and DMARC validations.
Pretalx versions prior to 2026.1.0 contain a high-severity stored Cross-Site Scripting (XSS) vulnerability within the organizer-facing search interface. Low-privileged users, such as speakers or proposal submitters, can inject malicious JavaScript into their profiles or submissions. When an organizer searches for these records, the application insecurely renders the results using `innerHTML`, leading to arbitrary script execution in the organizer's browser.
MailKit versions prior to 4.16.0 contain a STARTTLS response injection vulnerability. A network-positioned attacker can inject plaintext protocol responses into the client's internal read buffer before the TLS handshake completes, causing the client to process the injected data post-TLS. This flaw typically facilitates SASL mechanism downgrades.
The Zebra Zcash node implementation is vulnerable to a critical remote denial-of-service attack due to a logic error in Orchard transaction verification. An unhandled exception occurs when processing the randomized validating key (`rk`) if it is set to the Pallas curve identity point.
A Denial of Service (DoS) vulnerability exists in the Zebra Zcash node's JSON-RPC interface. An authenticated attacker can crash the node daemon by abruptly terminating an HTTP request during the payload transmission phase, exploiting unhandled I/O errors in the zebra-rpc crate.
The Zebra Zcash node implementation contains a critical consensus flaw in its handling of transparent transaction Sighash hash types. A refactoring error at the Foreign Function Interface (FFI) boundary omitted necessary validation checks, potentially causing a consensus split between Zebra nodes and the reference zcashd implementation.
CVE-2026-35402 is an improper access control vulnerability in the mcp-neo4j-cypher server. The application implements a read-only mode using a regex-based keyword blocklist, which fails to restrict execution of Cypher stored procedures via the CALL keyword. This allows authenticated users or LLM agents to bypass restrictions, potentially leading to unauthorized data modification and Server-Side Request Forgery.
A high-severity SQL injection vulnerability in the Saltcorn `@saltcorn/server` package allows low-privileged, authenticated users to execute arbitrary SQL commands. The flaw resides in the `/sync/load_changes` endpoint, where user-controlled input is directly interpolated into database queries without sanitization.
OpenClaw versions prior to 2026.4.9 suffer from an improper middleware configuration and a sensitive information exposure flaw. This combination allows unauthenticated remote attackers to bypass authorization controls and gain interactive access to the application's sandboxed browser sessions via noVNC.
The `p3-symmetric` crate in the Plonky3 library implements sponge-based hash functions using cryptographic permutations. Prior to the patch, the library provided a `PaddingFreeSponge` implementation that utilized an overwrite-mode sponge construction without mandatory padding. This construction is not collision-resistant for variable-length inputs, allowing attackers to generate identical internal states for messages of different lengths.
The `langchain-text-splitters` package prior to version 0.3.5 is vulnerable to Server-Side Request Forgery (SSRF) in the `HTMLHeaderTextSplitter.split_text_from_url` method. The vulnerability arises from an incomplete validation mechanism that checks the initial URL but fails to restrict subsequent HTTP redirects, allowing an attacker to access restricted internal resources and cloud metadata services.