A critical remote code execution (RCE) vulnerability exists in AVideo (formerly YouPHPTube) within the plugin import functionality. The flaw stems from the insecure use of OS-level commands to extract uploaded ZIP archives without validating their contents. An authenticated administrator can exploit this to upload and execute arbitrary PHP code on the server, leading to full system compromise. The vulnerability involves multiple weakness classes, including OS Command Injection (CWE-78) and Unrestricted File Upload (CWE-434).
A medium-severity Insecure Direct Object Reference (IDOR) vulnerability exists in NocoDB versions prior to 0.301.3. The flaw is located in the Model Context Protocol (MCP) Token service, where improper authorization checks allow authenticated users with 'Creator' privileges to access, regenerate, or delete MCP tokens belonging to other users within the same base. Successful exploitation requires knowledge of the target token's identifier.
A critical supply chain vulnerability involves the malicious Rust crate 'tracing-check', identified in February 2026. This crate, published to the crates.io registry, used typosquatting to mimic legitimate components of the 'tracing' ecosystem. Its primary objective was the exfiltration of sensitive credentials and private keys from developers using the Polymarket Client SDK. The incident highlights the growing trend of targeted attacks against decentralized finance (DeFi) infrastructure through package repository manipulation.
A high-severity path canonicalization vulnerability exists in the `@nestjs/platform-fastify` adapter of the NestJS framework. The vulnerability arises from a discrepancy between how the NestJS middleware engine matches routes (using raw URLs) and how the underlying Fastify router handles requests (using normalized URLs). This 'Differential Normalization' allows remote attackers to bypass route-scoped authentication and authorization middleware by crafting malformed URLs (e.g., containing double slashes or casing variations) that fail middleware regex matching but are successfully routed to protected controllers.
A critical authentication vulnerability exists in Discourse versions prior to 2.3.0 and 2.4.0.beta3. The vulnerability arises from a failure to implement a confirmation screen during the email login process, where clicking a magic link immediately authenticates the user via a GET request. This behavior violates HTTP idempotency principles, allowing email security scanners, link pre-fetchers, and potentially malicious scripts to inadvertently trigger authentication and invalidate the single-use login token before the user can intentionally access the application.
A critical privilege escalation vulnerability exists in GNU Inetutils `telnetd` versions through 2.7. The daemon fails to properly sanitize the environment before executing the login process, allowing attackers to inject dangerous environment variables. Because `telnetd` executes `/bin/login` as root without triggering the kernel's `AT_SECURE` protection, these variables are preserved. This allows local attackers—and potentially remote attackers depending on configuration—to gain root privileges by manipulating `systemd` credentials or `glibc` character set conversion paths.
A critical OS Command Injection vulnerability exists in Johnson Controls Frick Controls Quantum HD panels (versions 10.22 and prior), allowing unauthenticated remote attackers to execute arbitrary code with root privileges. This flaw poses severe risks to industrial refrigeration processes and safety systems.
A critical missing authentication vulnerability (CWE-306) in the Chargemap backend infrastructure allows unauthenticated remote attackers to impersonate electric vehicle (EV) charging stations. By leveraging publicly discoverable station identifiers, attackers can establish unauthorized WebSocket connections to the Open Charge Point Protocol (OCPP) interface. This access permits the manipulation of charging sessions, falsification of meter data, and potential denial of service against legitimate infrastructure.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in mccutchen/go-httpbin versions prior to 2.18.0. The application allows clients to define the Content-Type response header via query parameters on endpoints such as /response-headers and /base64. By setting the Content-Type to text/html and injecting malicious scripts into the request, an attacker can force the server to return an unescaped HTML response containing the payload. This allows arbitrary JavaScript execution in the context of the victim's browser session.
A critical information disclosure vulnerability affects the management interface of SODOLA SL902-SWTGW124AS network switches (firmware versions 200.1.20 and prior). The device transmits administrative credentials in cleartext over unencrypted HTTP, allowing network-positioned attackers to intercept sensitive authentication data and gain full administrative control of the device.
A critical authentication vulnerability exists in the SODOLA SL902-SWTGW124AS network switch firmware. The device ships with hardcoded administrative credentials that are not forcibly changed upon initial configuration. This flaw allows unauthenticated remote attackers to gain full administrative access to the device management interface via HTTP or HTTPS, leading to complete system compromise.
A high-severity Denial of Service (DoS) vulnerability exists in Multer versions prior to 2.1.0, a popular Node.js middleware for handling `multipart/form-data`. The flaw stems from improper handling of HTTP request termination events (`aborted` and `close`) during file uploads. When a client initiates a multipart upload and subsequently terminates the connection before completion, Multer fails to clean up internal resources or stop the parsing stream. This leads to the indefinite hanging of the request handler and the leakage of file descriptors, memory buffers, and socket connections, eventually resulting in server resource exhaustion.