•26 minutes ago•CVE-2026-12565
5.3CVE-2026-12565: Arbitrary File Write via Path Traversal in BBOT unarchive Module
CVE-2026-12565 is a medium-severity path traversal (Zip-Slip) vulnerability within the internal unarchive module of the BBOT (Black Lantern Security) OSINT framework. The vulnerability exists due to a failure to validate target paths before extracting archives using host-level command-line utilities. This allows remote, unauthenticated attackers to write arbitrary files outside of the target extraction folder on environments running legacy versions of GNU tar.
0 views•7 min read
•about 1 hour ago•CVE-2026-12566
3.1CVE-2026-12566: Server-Side Request Forgery (SSRF) in Black Lantern Security BBOT docker_pull Module
A Server-Side Request Forgery (SSRF) vulnerability exists in the docker_pull module of Black Lantern Security BBOT. By returning a maliciously crafted WWW-Authenticate header from a rogue Docker registry or executing a Man-in-the-Middle (MitM) attack, an attacker can coerce the BBOT scanner into making arbitrary HTTP requests to internal system services or external infrastructure, potentially disclosing sensitive authorization tokens and host metadata.
2 views•6 min read
•about 1 hour ago•CVE-2026-12568
6.5CVE-2026-12568: Path Traversal and Arbitrary File Write in BBOT postman_download Module
CVE-2026-12568 is a path traversal vulnerability (CWE-22) in the postman_download module of BBOT (Babbage Border Obsession Tool) version 2.1.0 through 2.8.5. The vulnerability allows an attacker to perform arbitrary file writes on the local machine running the BBOT scan via a maliciously named remote Postman workspace.
3 views•7 min read
•about 2 hours ago•CVE-2026-12567
2.2CVE-2026-12567: Symlink Following Vulnerability in BBOT github_workflows Module
The github_workflows module in BBOT (Black Lantern Security OSINT framework) versions 2.0.0 through 2.8.4 constructs local directory paths from user-controlled repository and owner names without validating for symbolic links. A local attacker sharing the scan directory can pre-plant a symlink at the predictable output path, forcing BBOT to write downloaded workflow artifacts or run logs to an arbitrary location on the filesystem.
6 views•6 min read
•about 4 hours ago•GHSA-47QP-HQVX-6R3F
7.5GHSA-47QP-HQVX-6R3F: Remote Memory Exhaustion (Denial of Service) in JLine3 Telnet Server
An unauthenticated remote memory exhaustion vulnerability in the JLine3 Telnet server allows attackers to crash the host Java Virtual Machine (JVM). The flaw exists in the processing of the NEW-ENVIRON option, where the server accepts an arbitrary number of environment variables without limits, storing them in an unconstrained HashMap. Sending as little as 3.25 MB of payload data can exhaust a standard JVM heap and trigger an OutOfMemoryError. This vulnerability affects applications integrating the remote-telnet module of JLine3.
6 views•7 min read
•about 6 hours ago•CVE-2026-49975
7.5CVE-2026-49975: Remote Denial of Service via HTTP/2 HPACK Cookie Memory Amplification in Apache HTTP Server
CVE-2026-49975 describes a high-severity remote Denial of Service (DoS) vulnerability in the Apache HTTP Server's mod_http2 module. Unauthenticated attackers can exploit the HPACK compression and cookie-merging behavior to trigger severe, quadratic memory allocation. This resource exhaustion is maintained by manipulating the HTTP/2 flow-control window, ultimately forcing an Out-of-Memory condition on the server host.
10 views•7 min read
•about 21 hours ago•CVE-2026-5038
5.3CVE-2026-5038: Denial of Service via Incomplete File Cleanup in Multer diskStorage Engine
CVE-2026-5038 is a critical denial of service vulnerability in the Node.js Multer middleware. When utilizing the diskStorage engine, connection termination or validation failures leave partial files orphaned on the local filesystem due to stream-destruction signal propagation failures in Node's piping mechanism. Remote unauthenticated attackers can exploit this to fill server disks and induce system crashes.
5 views•7 min read
•about 22 hours ago•CVE-2026-5079
7.5CVE-2026-5079: Denial of Service via Uncontrolled Resource Consumption in Multer Multipart Parser
CVE-2026-5079 is a high-severity Denial of Service (DoS) vulnerability in the Node.js package 'multer'. The vulnerability resides in how its internal dependency, 'append-field', processes deeply nested bracket structures in multipart form field names. If an attacker submits a field name with an excessive number of nested brackets, the parsing process crashes the Node.js runtime environment or exhausts system resources, causing a complete denial of service.
8 views•6 min read
•about 23 hours ago•CVE-2026-9595
5.3CVE-2026-9595: WebSocket Proxying Vulnerability in webpack-dev-server leading to Host/Origin Validation Bypass
webpack-dev-server (WDS) is vulnerable to an Origin Validation Error (CWE-346) and a Confused Deputy vulnerability (CWE-441) due to path normalization discrepancies in its upgrade handling. When a proxy is configured with a broad context and WebSocket support is enabled, the proxy middleware intercepts internal Hot Module Replacement (HMR) WebSocket upgrade requests. This forwards the browser's credentials (such as Cookies and Origin headers) to the backend target, bypassing built-in security controls and corrupting the WebSocket connection.
9 views•7 min read
•about 23 hours ago•CVE-2026-53840
6.0CVE-2026-53840: Sensitive Header Leakage via Cross-Origin Redirects in OpenClaw MCP Servers
An information disclosure vulnerability exists in OpenClaw before version 2026.5.12. The issue resides within the streamable-http Model Context Protocol (MCP) server integration, where the application client automatically forwards operator-configured custom headers during cross-origin HTTP redirects. If an attacker controls or compromises a configured remote MCP endpoint, they can issue redirect responses to exfiltrate highly sensitive data, such as API keys or tenant-routing credentials, to unauthorized external origins.
10 views•7 min read
•1 day ago•GHSA-8JR5-V98P-W75M
8.6GHSA-8JR5-V98P-W75M: Perception Desynchronization via Unnormalized EXIF Orientation and PNG Transparency in vLLM
A critical preprocessing mismatch exists in vLLM's multimodal image pipeline before commit cf1c90672404548aa3bc51f92c4745576a65ee26. The vulnerability occurs because the engine loads user-submitted images and passes them to underlying Vision-Language Models (VLMs) without normalizing their EXIF orientation metadata or fully resolving complex transparency structures. This gap creates a perception desynchronization vulnerability where the physical pixel grid processed by the AI model differs significantly from how the image is visually rendered to human moderators or frontend applications. Attackers can exploit this mismatch to perform silent prompt injections, bypass safety moderation systems, or execute adversarial jailbreaks.
3 views•8 min read
•1 day ago•GHSA-664H-GPGQ-H6XX
5.4GHSA-664h-gpgq-h6xx: Privilege Escalation via Broken Authorization in n8n Evaluation Test Runs Controller
An incorrect authorization vulnerability exists in the open-source workflow automation platform n8n within the Evaluation Test Runs Controller. In deployments utilizing Advanced Permissions, an authenticated user assigned a low-privilege project:viewer role can bypass configured permission policies. This allows the unauthorized user to execute, terminate, or delete workflow evaluation test runs by exploiting misconfigured API scope validations that map read-only scopes to mutating endpoints.
7 views•6 min read