•7 minutes ago•CVE-2026-34786
5.3CVE-2026-34786: Security Header Bypass in Rack::Static via Path Canonicalization Flaw
A canonicalization vulnerability in the Rack Ruby gem's Rack::Static middleware allows attackers to bypass security header rules. By supplying URL-encoded paths, an attacker can evade pattern-matching logic while still retrieving the targeted static files.
0 views•4 min read
•about 1 hour ago•CVE-2026-34828
7.1CVE-2026-34828: Insufficient Session Expiration in listmonk
Listmonk versions 4.1.0 through 6.0.x contain an Insufficient Session Expiration vulnerability (CWE-613) within the application's authentication lifecycle handlers. The software fails to revoke existing authenticated sessions when a user undergoes a password reset or performs an intentional password change. This oversight enables an attacker who has acquired a valid session cookie to maintain unauthorized, persistent access to the compromised account, successfully bypassing the primary defense mechanism of credential rotation.
0 views•7 min read
•about 3 hours ago•GHSA-GMPC-FXG2-VCMQ
6.1GHSA-GMPC-FXG2-VCMQ: Stored Cross-Site Scripting (XSS) in AVideo TopMenu Plugin
The TopMenu plugin in AVideo up to version 26.0 contains a stored cross-site scripting (XSS) vulnerability. User-controlled menu fields lack proper output encoding, allowing administrative users to inject malicious JavaScript that executes globally across all public-facing pages.
2 views•6 min read
•about 4 hours ago•CVE-2026-34973
6.9CVE-2026-34973: LIKE Wildcard Injection in phpMyFAQ Search Component
phpMyFAQ versions prior to 4.1.1 contain a LIKE wildcard injection vulnerability in the searchCustomPages() method. The application fails to properly neutralize SQL LIKE metacharacters, allowing unauthenticated attackers to bypass intended search constraints and trigger unauthorized information disclosure.
3 views•7 min read
•about 4 hours ago•CVE-2026-34974
5.4CVE-2026-34974: Stored Cross-Site Scripting via SVG Sanitizer Bypass in phpMyFAQ
phpMyFAQ versions prior to 4.1.1 contain a vulnerability in the SVG sanitizer component. The application relies on a blacklist regular expression that fails to properly process HTML entity-encoded attributes, allowing an attacker with Editor privileges to upload a malicious SVG. This flaw enables Stored Cross-Site Scripting (XSS), which can result in privilege escalation to Administrator.
3 views•7 min read
•about 6 hours ago•CVE-2026-4176
9.8CVE-2026-4176: Remote Code Execution via Heap-Based Buffer Overflow in Perl Compress::Raw::Zlib
CVE-2026-4176 is a critical dependency chain vulnerability in the Perl programming language. It is caused by the inclusion of an outdated version of the Compress::Raw::Zlib core module, which bundles a vulnerable version of the zlib compression library. This exposure allows unauthenticated remote attackers to achieve arbitrary code execution or denial of service via malformed compressed data streams.
6 views•7 min read
•about 10 hours ago•CVE-2026-5281
8.8CVE-2026-5281: High-Severity Use-After-Free in Dawn WebGPU Implementation
CVE-2026-5281 is a critical Use-After-Free (UAF) vulnerability located in the Dawn WebGPU backend of Chromium-based browsers. It allows remote attackers to execute arbitrary code via a crafted HTML page leveraging a race condition in the internal GPU task queue. The flaw is actively exploited in the wild.
5 views•6 min read
•about 15 hours ago•GHSA-Q56X-G2FJ-4RJ6
8.8CVE-2025-51480: Arbitrary File Write via Path Traversal in ONNX save_external_data
The ONNX (Open Neural Network Exchange) Python library contains a high-severity path traversal vulnerability in the `save_external_data` function. Processing specially crafted ONNX models allows an attacker to write arbitrary files to the host filesystem, resulting in potential remote code execution or data corruption. The vulnerability also exposes a Time-of-Check Time-of-Use (TOCTOU) weakness during file operations.
7 views•6 min read
•about 16 hours ago•CVE-2026-2950
6.5CVE-2026-2950: Prototype Pollution Bypass in Lodash via Array-Wrapped Path Segments
Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution via a bypass of the previous fix for CVE-2025-13465. By supplying array-wrapped path segments to functions like `_.unset` and `_.omit`, attackers can evade type-checking logic and delete properties from built-in prototypes.
14 views•6 min read
•about 17 hours ago•CVE-2026-4800
8.1CVE-2026-4800: Code Injection and Remote Code Execution in lodash _.template
CVE-2026-4800 is a high-severity code injection vulnerability (CWE-94) in the lodash library's _.template function. Arising from an incomplete patch for CVE-2021-23337, this flaw allows unauthenticated attackers to execute arbitrary JavaScript upon template compilation via malicious object keys.
8 views•6 min read
•about 17 hours ago•GHSA-32WQ-PPWG-3W4M
7.5GHSA-32WQ-PPWG-3W4M: Denial of Service in EnhancedLinq.Async via Microsoft.Bcl.Memory Out-of-Bounds Read
EnhancedLinq.Async is vulnerable to a Denial of Service (DoS) attack due to an out-of-bounds read flaw inherited from its transitive dependency on Microsoft.Bcl.Memory. This issue, originally tracked as CVE-2026-26127, allows unauthenticated remote attackers to crash applications by supplying malformed Base64Url-encoded payloads.
7 views•4 min read
•about 18 hours ago•GHSA-W2FM-25VW-VH7F
7.1GHSA-W2FM-25VW-VH7F: Cross-Client Data Leak via Transport Race Condition in mcp-handler
A race condition in the underlying Model Context Protocol (MCP) TypeScript SDK causes a tool response leak across concurrent client sessions. The `mcp-handler` package prior to version 1.1.0 exposes applications to this cross-client data leak due to improper lifecycle management of transport and protocol instances in stateless environments.
6 views•7 min read