The @evomap/evolver npm package contains a critical command injection vulnerability in its `_extractLLM` utility function. Applications passing unsanitized input to this function are vulnerable to unauthenticated remote code execution, allowing attackers to execute arbitrary system commands with the privileges of the Node.js process.
The @evomap/evolver npm package prior to version 1.69.3 contains a critical path traversal vulnerability in its `fetch` command. Unsanitized input passed to the `--out` command-line flag allows an attacker to escape the intended directory structure and write arbitrary files to any location writable by the Node.js process.
OpenC3 COSMOS contains a critical authentication vulnerability where session tokens and user passwords are treated interchangeably by the internal credential verification mechanism. An attacker possessing a valid session token can use that token to bypass the "old password" requirement during a password reset operation. This leads to persistent account takeover and locks the legitimate user out of the affected account.
OpenC3 COSMOS suffers from a path traversal vulnerability in its configuration management system. Insufficient validation of the `tool` and `name` parameters allows an attacker to write arbitrary files into the shared plugins directory, compromising system integrity.
OpenC3 COSMOS versions prior to 7.0.0 contain a vulnerability in the Command Sender UI where array-like command parameters are processed using the unsafe `eval()` function. This design flaw permits the execution of arbitrary JavaScript within the user's browser context.
The `openssl` crate for Rust contains a critical memory disclosure vulnerability within its FFI trampolines for Pre-Shared Key (PSK) and TLS/DTLS cookie callbacks. By failing to validate the return length from user-provided closures, the library allows OpenSSL to perform an out-of-bounds read. This flaw enables an unauthenticated remote attacker to extract adjacent heap or stack memory during the TLS handshake process.
The i18next-locize-backend package prior to version 9.0.2 is vulnerable to path traversal and URL injection via unsanitized template interpolation. Attackers can control parameters such as language or namespace to manipulate API request URLs, potentially leading to arbitrary resource access or local file read.
CVE-2026-41651, internally tracked as Pack2TheRoot, is a high-severity local privilege escalation vulnerability in the PackageKit daemon (`packagekitd`). The flaw involves a Time-of-Check Time-of-Use (TOCTOU) race condition in D-Bus transaction handling that permits local unprivileged users to bypass Polkit authorization and install arbitrary packages as root.
An integer truncation vulnerability in the Nimiq Albatross Proof-of-Stake implementation allows a malicious validator to bypass the 2f+1 consensus quorum requirement. By crafting a BitSet with out-of-bounds indices that alias to the same 16-bit validator slot, an attacker can forge valid multi-signatures to finalize arbitrary blocks or manipulate chain liveness.
Inspektor Gadget versions prior to 0.49.1 are vulnerable to a Terminal Escape Sequence Injection (CWE-150) in the default columns output mode. The tool fails to sanitize string fields retrieved from eBPF trace events before printing them to the terminal. Attackers operating within monitored containers can exploit this by injecting ANSI control sequences into system events, enabling log spoofing, defense evasion, and potential arbitrary command execution on the operator's terminal.
Inspektor Gadget versions prior to 0.48.1 contain a command injection vulnerability in the `ig image build` command. The parsing logic for the `build.yml` manifest file improperly sanitizes the `cflags` field before passing it to an underlying `make` process. This allows attackers who control the manifest file to execute arbitrary OS commands within the context of the build environment.
A critical Elevation of Privilege (EoP) vulnerability exists in the Microsoft.AspNetCore.DataProtection library within ASP.NET Core 10.0. A logic flaw in the cryptographic signature verification routine of the Managed Authenticated Encryptor allows unauthorized attackers to bypass integrity checks by submitting an all-zero HMAC, enabling the forgery of protected payloads such as authentication cookies and antiforgery tokens.