•26 minutes ago•GHSA-8Q4H-8CRM-5CVC
9.8GHSA-8q4h-8crm-5cvc: Remote Command Execution via Command Injection in elFinder ImageMagick CLI Integration
A critical command injection vulnerability in the elFinder web file manager allows unauthenticated remote attackers to execute arbitrary system commands. This flaw occurs when elFinder is configured to use the ImageMagick CLI driver, due to improper sanitization of the background color parameter during image resize operations.
1 views•7 min read
•about 6 hours ago•GHSA-V38X-C887-992F
9.8GHSA-V38X-C887-992F: Remote Code Execution in Flowise Airtable Agent
Flowise versions up to and including 3.0.13 are vulnerable to a critical remote code execution (RCE) flaw in the Airtable Agent component. The vulnerability arises from improper validation of dynamic Python code executed via the Pandas library, allowing an unauthenticated attacker to execute arbitrary operating system commands.
4 views•7 min read
•about 7 hours ago•GHSA-H39G-6X3C-7FQ9
5.9GHSA-h39g-6x3c-7fq9: Path Confinement Bypass in Zio SubFileSystem
The Zio library for .NET contains a path confinement bypass vulnerability allowing attackers to escape the SubFileSystem restricted directory structure. An attacker can use trailing slashes and traversal segments to read and write files in the parent filesystem.
5 views•5 min read
•about 8 hours ago•GHSA-QRR6-MG7R-M243
7.8GHSA-QRR6-MG7R-M243: Argument Injection and Remote Code Execution in PHPUnit JobRunner
An argument injection vulnerability exists in PHPUnit's JobRunner component due to improper neutralization of metacharacters in PHP INI configuration values. This flaw allows an attacker to inject arbitrary INI directives during process forking, potentially leading to remote code execution within the context of continuous integration environments or testing workers.
4 views•8 min read
•about 9 hours ago•GHSA-6G38-8J4P-J3PR
9.3GHSA-6G38-8J4P-J3PR: Account Takeover via OAuth Email Verification Bypass in Nhost
Nhost is vulnerable to a critical Improper Authentication flaw (CWE-287) that permits full account takeover. The vulnerability exists in the OAuth authentication flow, where multiple provider adapters fail to enforce email verification checks before automatically linking incoming external identities to existing local accounts.
4 views•7 min read
•about 9 hours ago•GHSA-F58V-P6J9-24C2
8.8GHSA-f58v-p6j9-24c2: Authenticated SQL Injection in YesWiki Bazar Module
An authenticated SQL Injection vulnerability exists in the Bazar module of YesWiki. The flaw allows authenticated attackers to execute arbitrary SQL commands via the `id_fiche` parameter, potentially resulting in full database compromise.
5 views•5 min read
•about 10 hours ago•CVE-2026-6437
6.5CVE-2026-6437: Mount Option Injection in Amazon EFS CSI Driver
The Amazon EFS CSI Driver contains an argument injection vulnerability (CWE-88) in versions prior to v3.0.1. Unsanitized values in the volumeHandle and mounttargetip fields allow authenticated users with PersistentVolume creation permissions to inject arbitrary mount options.
3 views•7 min read
•about 10 hours ago•GHSA-MJW2-V2HM-WJ34
8.3GHSA-MJW2-V2HM-WJ34: SQL Injection in Dagster Dynamic Partitions
A high-severity SQL injection vulnerability in Dagster's database I/O manager integrations allows users with dynamic partition creation privileges to execute arbitrary SQL commands. This flaw affects the DuckDB, Snowflake, BigQuery, and DeltaLake integrations due to improper sanitization of dynamic partition keys.
4 views•6 min read
•about 12 hours ago•GHSA-XJVP-7243-RG9H
9.6GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Write
A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the `fileSystemHandler.prefixed()` method, enabling severe impacts including remote code execution if critical system files are overwritten. Exploitation requires authentication unless the target server explicitly runs without authentication protocols.
4 views•8 min read
•about 12 hours ago•GHSA-JM8C-9F3J-4378
6.1GHSA-jm8c-9f3j-4378: Unauthenticated Email Content Injection in Pretalx Template Engine
Pretalx versions prior to 2026.1.0 contain a template injection vulnerability allowing unauthenticated attackers to embed malformed HTML and Markdown into system-generated emails. By exploiting unsanitized placeholders in the mail generation engine, attackers can spoof trusted communications that pass SPF, DKIM, and DMARC validations.
6 views•6 min read
•about 17 hours ago•GHSA-CJCX-JFP2-F7M2
8.7GHSA-CJCX-JFP2-F7M2: High-Severity Stored XSS in Pretalx Organizer Search Interface
Pretalx versions prior to 2026.1.0 contain a high-severity stored Cross-Site Scripting (XSS) vulnerability within the organizer-facing search interface. Low-privileged users, such as speakers or proposal submitters, can inject malicious JavaScript into their profiles or submissions. When an organizer searches for these records, the application insecurely renders the results using `innerHTML`, leading to arbitrary script execution in the organizer's browser.
4 views•5 min read
•about 18 hours ago•GHSA-9J88-VVJ5-VHGR
6.5GHSA-9j88-vvj5-vhgr: STARTTLS Response Injection and SASL Downgrade in MailKit
MailKit versions prior to 4.16.0 contain a STARTTLS response injection vulnerability. A network-positioned attacker can inject plaintext protocol responses into the client's internal read buffer before the TLS handshake completes, causing the client to process the injected data post-TLS. This flaw typically facilitates SASL mechanism downgrades.
39 views•7 min read