•about 1 hour ago•CVE-2026-25960
7.1CVE-2026-25960: Server-Side Request Forgery (SSRF) Bypass in vLLM MediaConnector via Parser Differential
vLLM contains a critical parser differential vulnerability that allows attackers to bypass existing Server-Side Request Forgery (SSRF) protections. By exploiting parsing discrepancies between urllib3 and yarl, attackers can craft specific URLs that pass validation but direct the underlying HTTP client to query internal network services and cloud metadata endpoints.
2 views•5 min read
•about 1 hour ago•GHSA-9Q36-67VC-RRWG
6.5GHSA-9Q36-67VC-RRWG: Sandbox Escape via Slash Command in OpenClaw ACP
A logic flaw in the OpenClaw agent infrastructure platform allows sandboxed sessions to bypass isolation policies. By utilizing the `/acp spawn` slash command via integrated chat interfaces, restricted users can initialize high-privilege Agent Control Plane (ACP) sessions directly on the host runtime.
3 views•6 min read
•about 2 hours ago•GHSA-93FX-5QGC-WR38
8.8GHSA-93FX-5QGC-WR38: Authenticated Remote Code Execution via Liquidsoap Interpolation in AzuraCast
AzuraCast versions prior to 0.23.4 contain a Remote Code Execution (RCE) vulnerability. The flaw exists in the ConfigWriter class, which fails to properly sanitize user-supplied metadata before writing it to Liquidsoap configuration files. This allows authenticated users to inject arbitrary commands via Liquidsoap's string interpolation functionality.
0 views•6 min read
•about 3 hours ago•CVE-2026-30848
6.3CVE-2026-30848: Path Traversal Vulnerability in Parse Server PagesRouter
Parse Server's PagesRouter component contains a path traversal vulnerability due to insufficient validation of static file request paths. Unauthenticated attackers can leverage URL-encoded sequences to read files from sibling directories that share the same naming prefix as the configured pages directory.
3 views•6 min read
•about 3 hours ago•CVE-2026-30850
6.3CVE-2026-30850: Missing Authorization in Parse Server File Metadata Endpoint
Parse Server versions prior to 8.6.9 and 9.5.0-alpha.9 contain a missing authorization vulnerability (CWE-862) in the file metadata retrieval endpoint. The application fails to invoke developer-defined `beforeFind` and `afterFind` security triggers when processing requests for file metadata. This flaw allows attackers to bypass access controls and extract sensitive file metadata, provided they know the target filename.
2 views•5 min read
•about 4 hours ago•CVE-2026-30854
6.9CVE-2026-30854: GraphQL Introspection Authorization Bypass in Parse Server
Parse Server fails to adequately restrict GraphQL introspection queries when the graphQLPublicIntrospection setting is disabled. An unauthenticated attacker can bypass the restriction by nesting __type queries within inline fragments, allowing unauthorized discovery of the database schema.
2 views•6 min read
•about 4 hours ago•CVE-2026-30863
9.3CVE-2026-30863: JWT Audience Validation Bypass in Parse Server Authentication Adapters
Parse Server versions prior to 8.6.10 and 9.5.0-alpha.11 contain a critical authentication bypass vulnerability in the Google, Apple, and Facebook authentication adapters. An improper implementation of JSON Web Token (JWT) audience validation allows attackers to utilize tokens issued for third-party applications to authenticate as arbitrary users on the target server. Exploitation requires no privileges and results in full account compromise.
2 views•8 min read
•about 4 hours ago•CVE-2026-29196
8.7CVE-2026-29196: WireGuard Private Key Exposure via API in Netmaker
Netmaker versions prior to 1.5.0 suffer from a critical excessive data exposure vulnerability (CWE-863). Authenticated users assigned the `platform-user` role can retrieve the cleartext WireGuard private keys for all nodes and external clients within a network via the REST API. This structural authorization failure allows an attacker to completely compromise network confidentiality by decrypting traffic and impersonating legitimate nodes.
3 views•7 min read
•about 17 hours ago•CVE-2026-25611
7.5CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server
MongoDB Server versions prior to 8.2.4, 8.0.18, and 7.0.29 are vulnerable to a pre-authentication Denial of Service (DoS) attack. By sending crafted OP_COMPRESSED wire protocol messages with disproportionately large uncompressed size declarations, an unauthenticated remote attacker can force the server to allocate excessive memory, leading to resource exhaustion and process termination.
19 views•6 min read
•about 19 hours ago•CVE-2026-30852
5.5CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp
CVE-2026-30852 is a moderate-severity information disclosure vulnerability in the Caddy web server. The flaw originates in the `vars_regexp` matcher within the `caddyhttp` module, where improper neutralization of special elements leads to a double-expansion of placeholders. Attackers can exploit this behavior by crafting specific HTTP request headers that, when evaluated by the vulnerable matcher, expose sensitive environment variables, local file contents, and system information.
7 views•7 min read
•about 19 hours ago•CVE-2026-30855
8.8CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora
Tencent WeKnora versions prior to 0.3.2 contain a critical Broken Object Level Authorization (BOLA) vulnerability. The API fails to validate user session context against requested tenant identifiers, allowing authenticated attackers to view, modify, or delete any tenant workspace and extract sensitive LLM API keys.
10 views•6 min read
•about 20 hours ago•CVE-2026-30856
5.9CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora
The Tencent WeKnora framework prior to version 0.3.0 contains a vulnerability in the Model Context Protocol (MCP) client implementation. A flaw in tool identifier generation and registry management permits an attacker-controlled MCP server to overwrite legitimate tools via a naming collision. This enables the execution of indirect prompt injection attacks against the underlying large language model (LLM), facilitating unauthorized data exfiltration.
8 views•6 min read