CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Made with love by Amit Schendel & Alon Barad

21 minutes ago • CVE-2026-27590 • 8.9

Lost in Translation: Unicode Path Confusion in Caddy & FrankenPHP

A critical logic flaw in Caddy's FastCGI transport layer allows for Remote Code Execution (RCE) via Unicode case-folding collisions. By exploiting how Go's `strings.ToLower` handles specific Unicode characters, attackers can desynchronize path parsing, tricking the server into executing arbitrary files (like images) as PHP scripts. This affects Caddy and the popular FrankenPHP application server.

Alon Barad
2 views•7 min read
about 1 hour ago • CVE-2026-27586 • 8.8

Caddy Shack: How a Missing File Turns mTLS into an Open Door

A critical logic error in Caddy Server's TLS module causes mutual TLS (mTLS) authentication to fail open if the configured Certificate Authority (CA) file is missing or unreadable. Instead of halting the server, Caddy swallows the error and initializes the TLS configuration with a nil CA pool, defaulting to the system's public trust store.

Amit Schendel
3 views•6 min read
about 1 hour ago • CVE-2026-27156 • 6.1

NiceGUI CVE-2026-27156: When F-Strings Build Bridges to Hell

A critical Cross-Site Scripting (XSS) vulnerability in NiceGUI allows attackers to execute arbitrary JavaScript by injecting malicious payloads into method names. The flaw stems from unsafe string interpolation in the Python backend and a dangerous `eval()` fallback in the JavaScript frontend.

Amit Schendel
2 views•6 min read
about 2 hours ago • CVE-2026-25989 • 7.5

Magick Tragic: The IEEE 754 Ghost in the Machine (CVE-2026-25989)

A high-severity Denial of Service vulnerability in ImageMagick caused by a fundamental misunderstanding of floating-point precision. By exploiting how doubles are cast to integers, attackers can crash the image processing pipeline using specially crafted SVG files.

Alon Barad
3 views•5 min read
about 2 hours ago • CVE-2026-26066 • 6.2

Infinite Loop, Infinite Pain: Analyzing CVE-2026-26066 in ImageMagick

A logic error in ImageMagick's IPTC metadata parser allows for a trivial Denial of Service (DoS) attack. By supplying a crafted image file, an attacker can trap the processing thread in an infinite loop, causing 100% CPU utilization and potentially taking down image processing pipelines.

Amit Schendel
9 views•6 min read
about 3 hours ago • CVE-2026-26283 • 6.2

The Eternal JPEG: Infinite Loops in ImageMagick's Optimization Logic

A critical Denial of Service (DoS) vulnerability in ImageMagick's JPEG encoder allows attackers to trigger an infinite loop by abusing the `jpeg:extent` feature. By forcing a write failure during the file-size optimization process, the application enters a CPU-exhausting cycle that hangs the process indefinitely.

Amit Schendel
4 views•5 min read
about 3 hours ago • CVE-2026-26983 • 5.3

Ghost in the Script: Crashing ImageMagick via MSL Use-After-Free

A Use-After-Free (UAF) vulnerability exists in the Magick Scripting Language (MSL) interpreter of ImageMagick. By feeding a malformed XML-based script to the engine, an attacker can trigger memory corruption when the interpreter mishandles the lifecycle of image objects during a map operation. While primarily a Denial of Service (DoS) vector, the unstable nature of UAF bugs in complex parsers always warrants immediate attention.

Alon Barad
6 views•5 min read
about 4 hours ago • CVE-2026-27129 • 5.7

Craft CMS SSRF: The IPv6 Ghost in the Machine

A sophisticated Server-Side Request Forgery (SSRF) bypass in Craft CMS leverages the often-overlooked disparity between legacy PHP networking functions and modern dual-stack infrastructure. By exploiting how `gethostbyname()` handles IPv6-only hostnames, attackers can bypass security filters intended to block internal access, directly targeting cloud metadata services like AWS IMDSv2 via their IPv6 endpoints.

Amit Schendel
6 views•6 min read
about 4 hours ago • CVE-2026-27469 • 6.1

Isso... You Have Chosen Death: Analyzing CVE-2026-27469

In the world of self-hosted services, Isso has long been the darling of the static site generation crowd—a lightweight, Python-based commenting server that promised to free us from the tracking claws of Disqus. But as with all things that handle user input, the devil is in the sanitization details. CVE-2026-27469 is a classic Stored Cross-Site Scripting (XSS) vulnerability that highlights a fundamental misunderstanding of Python's standard library. By explicitly telling the HTML escaper *not* to escape quotes, the developers inadvertently handed attackers a key to break out of HTML attributes. Combined with a completely unprotected edit endpoint, this vulnerability turns the humble comment section into a launchpad for browser-based attacks.

Alon Barad
7 views•6 min read
about 5 hours ago • CVE-2026-27571 • 5.9

NATS-Server: The Decompression Doom Loop

NATS-Server, the high-performance messaging system used as the nervous system for countless cloud-native architectures, contains a critical flaw in its WebSocket implementation. By failing to bound memory allocation during the decompression of WebSocket frames, the server exposes itself to a trivial Denial of Service (DoS) attack. An attacker can send a tiny, specially crafted 'compression bomb' packet that expands exponentially in memory, triggering the OOM killer and crashing the service instantly.

Alon Barad
4 views•6 min read
about 5 hours ago • CVE-2026-27574 • 10.0

OneUptime, One Shell: Escaping the node:vm Sandbox

OneUptime, a popular open-source observability platform, suffered from a catastrophic Remote Code Execution (RCE) vulnerability due to a classic misunderstanding of Node.js internals. By allowing users to create custom JavaScript monitors executed via the built-in `node:vm` module, the application inadvertently provided a bridge for attackers to escape the sandbox and execute arbitrary commands on the host. With a CVSS score of 10.0, this flaw allows unauthenticated attackers (via open registration) to fully compromise the underlying infrastructure, stealing database credentials and cluster secrets in seconds.

Alon Barad
7 views•5 min read
about 6 hours ago • CVE-2026-25638 • 5.3

The Silent RAM Killer: Inside the ImageMagick MSL Memory Leak

ImageMagick, the ubiquitous Swiss Army knife of image processing, has stumbled again—not with a high-profile Remote Code Execution (RCE) this time, but with a silent killer: a memory leak in the Magick Scripting Language (MSL) encoder. CVE-2026-25638 allows unauthenticated attackers to exhaust server memory by triggering the `WriteMSLImage` function, leading to a Denial of Service (DoS). While less glamorous than shell access, this vulnerability highlights the dangers of legacy components and improper resource management in C.

Amit Schendel
8 views•6 min read

Automated vulnerability intelligence. 770+ reports.