•15 minutes ago•CVE-2026-39961
6.8CVE-2026-39961: Cross-Namespace Secret Exfiltration via Confused Deputy in Aiven Operator
The Aiven Operator for Kubernetes (versions 0.31.0 through 0.36.x) contains a critical privilege escalation and data exfiltration vulnerability. A low-privileged user with permission to create specific Custom Resource Definitions (CRDs) can exploit a confused deputy flaw in the operator's reconciliation loop to read sensitive Kubernetes Secrets from any namespace in the cluster.
0 views•9 min read
•about 1 hour ago•CVE-2026-40074
6.3CVE-2026-40074: Denial of Service via Unhandled Exceptions in SvelteKit Redirects
SvelteKit versions prior to 2.57.1 are vulnerable to a Denial of Service (DoS) condition due to improper handling of exceptional conditions in the `redirect()` function. When supplied with invalid HTTP header characters, the underlying JavaScript runtime throws a TypeError that terminates the process or hangs the request.
2 views•8 min read
•about 1 hour ago•CVE-2026-40077
3.5CVE-2026-40077: Insecure Direct Object Reference in Beszel Hub API
CVE-2026-40077 is an Insecure Direct Object Reference (IDOR) vulnerability in the Beszel Hub API prior to version 0.18.7. The flaw allows authenticated users to bypass authorization controls and access sensitive container logs, retrieve systemd metadata, or trigger SMART disk scans on monitoring agents belonging to other users.
2 views•5 min read
•about 2 hours ago•CVE-2026-40073
8.2CVE-2026-40073: Unrestricted Resource Allocation in SvelteKit adapter-node via Chunked Transfer Encoding
SvelteKit's adapter-node fails to enforce the configured BODY_SIZE_LIMIT for incoming requests utilizing chunked transfer encoding. This logic error allows unauthenticated remote attackers to send arbitrarily large request bodies, bypassing internal framework protections and leading to memory exhaustion and server denial of service.
3 views•5 min read
•about 3 hours ago•CVE-2026-40103
4.3CVE-2026-40103: Authorization Bypass via Method Confusion in Vikunja API
Vikunja versions prior to 2.3.0 contain an authorization bypass vulnerability caused by method confusion in scoped API token validation. The application validates authorization scopes using URL path strings but fails to enforce matching HTTP methods, allowing a read-only token to perform destructive state-changing operations.
2 views•6 min read
•about 4 hours ago•CVE-2024-23653
9.8CVE-2024-23653: Build-Time Container Escape in Moby BuildKit via GRPC API Authorization Bypass
Moby BuildKit versions prior to 0.12.5 contain a critical authorization bypass vulnerability (CWE-863) within the interactive containers GRPC Gateway API. A maliciously crafted Dockerfile using a custom frontend can bypass entitlement checks to launch a privileged container, resulting in a build-time escape and full host root command execution.
3 views•5 min read
•about 4 hours ago•CVE-2026-40046
8.8CVE-2026-40046: Integer Overflow and Protocol Smuggling in Apache ActiveMQ MQTT Decoder
CVE-2026-40046 is an integer overflow vulnerability in the MQTT transport module of Apache ActiveMQ versions 6.0.0 through 6.2.3. The flaw stems from a failure to enforce the specification-defined maximum byte length for the MQTT 'Remaining Length' header. Attackers can exploit this logic error to trigger protocol desynchronization, perform command smuggling, and cause denial-of-service conditions. This vulnerability is a regression of CVE-2025-66168, which was patched in the 5.19.x branch but inadvertently omitted from the 6.x release line.
2 views•7 min read
•about 5 hours ago•CVE-2026-34941
6.9CVE-2026-34941: Heap Out-of-bounds Read in Wasmtime Component String Transcoding
Wasmtime contains a critical out-of-bounds read vulnerability in its Fast API Call Trampoline (fact) compiler. A logic error during UTF-16 string transcoding validates the string length using code units rather than byte sizes, allowing malicious WebAssembly guests to induce the host runtime into reading adjacent memory.
2 views•7 min read
•about 5 hours ago•CVE-2026-34942
5.9CVE-2026-34942: Denial of Service via Unaligned Memory Allocation in Wasmtime Component Model
Wasmtime fails to verify the alignment of memory pointers returned by guest modules during UTF-16 string transcoding. A malicious guest can exploit this by returning an unaligned pointer from its reallocation function, triggering an unrecoverable host panic and causing a complete denial of service.
3 views•6 min read
•about 6 hours ago•CVE-2026-34943
5.6CVE-2026-34943: Host-Side Panic and Denial of Service in Wasmtime Dynamic Lifting
Wasmtime is vulnerable to a denial-of-service condition due to a host-side panic triggered when dynamically lifting WebAssembly Component Model flags types. The dynamic lifter fails to ignore undefined bits provided by a guest, leading to an unhandled exception.
3 views•9 min read
•about 7 hours ago•CVE-2026-34944
4.1CVE-2026-34944: Out-of-bounds Read and Denial of Service in Wasmtime Cranelift Backend
An out-of-bounds read vulnerability exists in the Cranelift x86-64 backend of Wasmtime. When SSE3 is disabled, incorrect instruction selection for the f64x2.splat operation results in a widened 16-byte memory load instead of the intended 8-byte load, leading to a process-level segmentation fault and Denial of Service.
5 views•6 min read
•about 8 hours ago•CVE-2026-34945
2.3CVE-2026-34945: Host Stack Memory Leak via Type Confusion in Wasmtime Winch Compiler
The Wasmtime WebAssembly runtime is affected by a type confusion vulnerability in its Winch compiler backend when processing the `table.size` instruction. When the `memory64` proposal is enabled, this flaw allows a malicious guest WebAssembly module to read uninitialized host stack memory, potentially leaking sensitive host data.
5 views•6 min read