A high-severity type-confusion path traversal vulnerability (CVE-2026-49982 / GHSA-7c78-jf6q-g5cm) exists in the node-tmp package version 0.2.6. The vulnerability allows remote attackers to bypass path validation checks by passing non-string data types, such as Arrays or duck-typed Objects, into options like prefix, postfix, or template. Because the library relies on the .includes() method without verifying the input type, the check behaves differently for an Array than for a string: an Array's .includes() looks for a whole matching element rather than a substring, so a traversal sequence that would be caught in a string is not caught in an Array. Downstream string coercion subsequently restores the traversal sequence, allowing files and directories to be created outside the designated temporary directory root. This can result in arbitrary file writes and, depending on the application context, local file execution.
CVE-2026-47347 is an open redirect vulnerability affecting multiple TYPO3 CMS versions. The issue resides in GeneralUtility::sanitizeLocalUrl, where an insufficient blocklist-based validation fails to account for browsers normalizing malformed relative paths into external protocol-relative redirects. Attackers can exploit this to conduct phishing, session hijacking, or credential harvesting campaigns.
An authenticated backend user with access to the Recycler module in TYPO3 CMS can bypass write restrictions and restore soft-deleted records on pages or database tables they are not authorized to modify. This vulnerability resides in the core DataHandler class due to missing permission checks during 'undelete' operations.
CVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.
Improper validation of backslash character separators in esbuild's local development server allows path traversal on Windows systems.
An issue was discovered in the Deno integration of the esbuild package. The module fails to verify the integrity of downloaded native binary packages from NPM registries before writing and executing them on the local filesystem. This allows an attacker who controls the NPM_CONFIG_REGISTRY environment variable or intercepts the network connection to execute arbitrary native code on the host machine.
A thread-safety vulnerability exists in the PyO3 library versions prior to 0.29.0 due to a missing Sync trait bound on closure type parameters. This omission allows safe Rust code to register non-thread-safe closures as Python callables, leading to concurrent shared mutation and data races during multithreaded execution.
A denial of service vulnerability in the ConnectBot SSH Client Library (cbssh) up to version 0.3.0 allows remote attackers to cause uncontrolled resource consumption. The library uses Kaitai Struct to parse incoming binary streams but fails to validate the declared length of SSH fields against the actual size of the stream, leading to excessive memory allocation and OutOfMemoryError crashes.
An integer overflow and excessive memory allocation vulnerability in the Distinguished Encoding Rules (DER) private-key parser of the ConnectBot SSH Client Library (connectbot/cbssh) allows a local attacker to cause a Denial of Service (DoS) via process termination. By inducing an application that uses the library to parse a malformed DER-encoded private key file, the attacker causes the library to attempt massive memory allocations, triggering an uncaught OutOfMemoryError on the JVM.
An unauthenticated remote code execution (RCE) vulnerability exists in phoenix_storybook versions 0.5.0 through 1.0.x due to improper input sanitization during HEEx template generation. By sending crafted WebSocket messages, an attacker can escape HTML attribute boundaries and execute arbitrary Elixir code.
An unauthenticated Denial-of-Service (DoS) vulnerability exists in phoenix_storybook versions 0.2.0 through 1.0.11 due to allocation of resources without limits (CWE-770). The application dynamically converts user-supplied parameter keys to atoms, leading to BEAM Atom Table exhaustion and immediate virtual machine crash.
A security vulnerability in the Elixir package phoenix_storybook (versions 0.4.0 up to 1.1.0) allows unauthenticated remote attackers to perform cross-session PubSub topic injection. By manipulating URL parameters, an attacker can hijack the real-time communications channel, enabling them to capture user state and control parameters from active sessions.