CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 4 hours ago • GHSA-74P7-6H78-GW8P • Severity 8.6

GHSA-74P7-6H78-GW8P: Multiple Critical Security Flaws in skillctl Agent-Skill Manager

An in-depth security audit of the skillctl command-line package manager revealed five critical and high-severity security vulnerabilities. The identified flaws span parameter-level command argument injection via the source_sha parameter, uncontrolled resource consumption (Denial of Service) through unnamed UNIX FIFOs and character devices, directory path traversal in the destination argument, commit-message trailer forgery via newline injection in skill names, and local credential exfiltration leveraging UNIX hardlinks. These vulnerabilities represent significant vectors for workstation compromise when executing agentic tasks in repositories containing untrusted files or pull requests. Remediation was introduced in version v0.1.3.

Alon Barad • 4 views • 6 min read
about 8 hours ago • CVE-2026-48153 • Severity 8.5

CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK

CVE-2026-48153 is a Server-Side Request Forgery (SSRF) vulnerability in the Budibase OAuth2 SDK prior to version 3.39.0. It allows authenticated low-privileged users to bypass outbound network security blacklists and send arbitrary requests to internal subnets or cloud metadata services.

Alon Barad • 8 views • 7 min read
about 9 hours ago • GHSA-GHMH-JHMJ-WCMF • Severity 5.1

GHSA-GHMH-JHMJ-WCMF: Plaintext Storage of Enrollment Tokens at Rest in SQLite in nebula-mesh

The self-hosted Slack Nebula VPN control plane, nebula-mesh, stored high-privilege enrollment tokens in plaintext inside its SQLite database. This flaw allowed any adversary with read access to the database to retrieve pending tokens and enroll unauthorized hosts into the secure VPN mesh.

Alon Barad • 4 views • 8 min read
about 18 hours ago • GHSA-HVQH-JW65-WCPQ • Severity 6.1

GHSA-HVQH-JW65-WCPQ: Cross-Site Scripting (XSS) in devbridge-autocomplete

The devbridge-autocomplete package (jQuery-Autocomplete) fails to escape category headers and suggestion values when using default formatters formatGroup and formatResult. If suggestions contain untrusted input, arbitrary HTML and JavaScript execute directly in the victim's browser session.

Alon Barad • 4 views • 6 min read
about 22 hours ago • CVE-2024-37155 • Severity 6.5

CVE-2024-37155: Security Bypass in OpenCTI GraphQL Introspection via Whitespace and Control Character Manipulation

OpenCTI versions prior to 6.1.9 fail to properly restrict GraphQL schema introspection queries due to a weak pattern-matching implementation. An unauthenticated attacker can bypass the introspection block list by stripping whitespace and carriage returns, enabling complete reconnaissance of the GraphQL schema.

Amit Schendel • 6 views • 5 min read
about 23 hours ago • CVE-2025-58048 • Severity 10.0

CVE-2025-58048: Remote Code Execution via Unrestricted Ticket Attachment Uploads in Paymenter

An unrestricted file upload vulnerability in Paymenter's support ticket system (prior to version 1.2.11) allows authenticated users to upload arbitrary PHP scripts to a web-accessible directory. The application fails to validate file extensions or MIME types before storing the files, enabling remote code execution under the web server's privilege context.

Amit Schendel • 7 views • 5 min read
1 day ago • CVE-2026-21887 • Severity 7.7

CVE-2026-21887: Server-Side Request Forgery in OpenCTI Data Ingestion Component

This report is a technical analysis of CVE-2026-21887, a Server-Side Request Forgery (SSRF) vulnerability in OpenCTI. The flaw occurs in the platform's data ingestion mechanism, which processes user-supplied feed URLs via Axios under a default configuration. Authenticated users with low privileges can exploit this to pivot into internal infrastructure, target metadata services, and scan private networks.

Amit Schendel • 6 views • 7 min read
1 day ago • GHSA-6GQW-JQV7-V88M • Severity 7.2

GHSA-6GQW-JQV7-V88M: Multi-Tenant Isolation Bypass in stigmem-node via Missing SQL Tenant Predicates

A critical vulnerability exists in the stigmem-node package when running the opt-in stigmem-plugin-multi-tenant plugin. Due to a failure to enforce tenant-scoping filters on database queries within the decay sweep, quarantine moderation, and right-to-be-forgotten (RTBF) subsystems, an authorized caller belonging to one tenant can access, modify, and delete facts belonging to all other tenants. This broken object level authorization (BOLA) vulnerability allows cross-tenant data manipulation and information leakage.

Amit Schendel • 6 views • 6 min read
1 day ago • GHSA-V3F4-W7R7-V3HM • Severity 8.6

GHSA-v3f4-w7r7-v3hm: Remote Command Execution via Origin Validation Error in Uni-CLI Legacy HTTP Transport

An origin validation error and cross-site request forgery vulnerability in @zenalexa/unicli prior to version 0.225.2 allows cross-origin web applications to execute arbitrary tools on a user's local machine via the legacy stateless HTTP transport.

Amit Schendel • 6 views • 7 min read
1 day ago • GHSA-C795-2G9C-J48M • Severity 8.2

GHSA-C795-2G9C-J48M: Remote Path Traversal and Arbitrary File Write in EverOS Memory Ingestion

EverOS versions 1.0.0 and earlier contain a path traversal vulnerability in the user memory ingestion endpoint. By exploiting this flaw, unauthenticated network attackers can escape the designated database memory root and write arbitrary Markdown files to target directories on the local system.

Alon Barad • 6 views • 6 min read
1 day ago • GHSA-X975-RGX4-5FH4 • Severity 8.2

GHSA-X975-RGX4-5FH4: Unescaped Locator Data Cross-Site Scripting in appium-mcp MCP-UI Resource

GHSA-X975-RGX4-5FH4 is a high-severity Cross-Site Scripting (XSS) vulnerability residing in the Model Context Protocol (MCP) User Interface (UI) component of appium-mcp, an NPM package integrating Appium with MCP clients. The flaw exists within the createLocatorGeneratorUI utility function, which renders UI metadata directly into an HTML template page without performing sanitization or encoding. Because MCP clients use window.parent.postMessage to send commands from the UI to the host, this XSS can be escalated to trigger arbitrary MCP tool calls, potentially leading to Remote Code Execution (RCE) on the host running the MCP client.

Alon Barad • 8 views • 6 min read
1 day ago • GHSA-H3M5-97JQ-QJRF • Severity 9.6

GHSA-H3M5-97JQ-QJRF: Insecure Direct Object Reference (IDOR) Cross-Realm Bulk Alarm Deletion in OpenRemote Manager

An Insecure Direct Object Reference (IDOR) and missing authorization flaw in OpenRemote Manager allows an authenticated, low-privilege multi-tenant user to execute cross-realm bulk alarm deletion, resulting in permanent destruction of safety-critical alarms belonging to other tenants.

Amit Schendel • 7 views • 7 min read

Automated vulnerability intelligence. 1,954+ reports.