•about 2 hours ago•GHSA-VRXG-GM77-7Q5G
8.7GHSA-vrxg-gm77-7q5g: Unauthenticated Remote Code Execution in Windows-MCP HTTP Transport
Windows-MCP versions prior to 0.7.5 expose an unauthenticated HTTP transport endpoint with a wildcard CORS policy. This allows remote attackers or malicious websites to execute arbitrary PowerShell commands on the host machine by interacting with the local MCP server.
2 views•6 min read
•about 2 hours ago•GHSA-PXH5-6RRC-8RJV
3.1GHSA-PXH5-6RRC-8RJV: Client-Side Denial of Service in OpenTofu via Crafted HTTP/2 SETTINGS Frame
OpenTofu versions prior to 1.11.8 are susceptible to a client-side Denial of Service (DoS) vulnerability due to improper handling of HTTP/2 SETTINGS frames. When fetching dependencies from an attacker-controlled registry, the client can be forced into an infinite loop, resulting in uncontrolled CPU and memory exhaustion.
3 views•7 min read
•about 4 hours ago•GHSA-MW8F-W6P8-XRF4
9.9GHSA-MW8F-W6P8-XRF4: Cross-Tenant Account Deletion and Authorization Bypass in wger via Flawed Null Comparison
GHSA-MW8F-W6P8-XRF4 is a critical authorization bypass vulnerability in the wger fitness manager. The flaw exists due to an incomplete patch for CVE-2026-43948, leaving specific user management views vulnerable to flawed null value comparisons. This enables attackers with restricted permissions to permanently delete or deactivate arbitrary user accounts across the global unassigned user pool.
2 views•7 min read
•about 5 hours ago•GHSA-M837-XVXR-VQWG
6.9GHSA-m837-xvxr-vqwg: Hardcoded CORS Wildcard Enables Cross-Origin Credential Abuse in Flowise
Flowise versions prior to 3.1.2 contain a hardcoded CORS wildcard on the Text-to-Speech (TTS) endpoint. This configuration bypasses the application's global security policies and enables cross-origin credential abuse, leading to unauthorized resource consumption and potential financial impact via third-party API quota exhaustion.
2 views•5 min read
•about 12 hours ago•CVE-2026-45829
10.0CVE-2026-45829: Pre-Authentication Remote Code Execution in ChromaDB via ChromaToast
CVE-2026-45829, commonly referred to as ChromaToast, is a critical Pre-Authentication Remote Code Execution (RCE) vulnerability affecting the ChromaDB vector database. The flaw exists in the handling of embedding function configurations during collection creation, allowing unauthenticated attackers to execute arbitrary Python code on the server or client applications.
15 views•5 min read
•about 12 hours ago•CVE-2026-9082
6.5CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core PostgreSQL Driver
Drupal Core contains a highly critical SQL injection vulnerability (CVE-2026-9082) within its Database Abstraction API. The flaw specifically affects installations using the PostgreSQL database backend, allowing unauthenticated attackers to execute arbitrary SQL commands via crafted array keys in filter parameters.
91 views•5 min read
•about 13 hours ago•GHSA-59FH-9F3P-7M39
5.3GHSA-59FH-9F3P-7M39: Mass Assignment in Flowise Profile Update Endpoint
A mass assignment vulnerability in the Flowise profile update endpoint allows authenticated users to directly modify their database records. By injecting the `credential` field into a `PUT` request, an attacker can overwrite their password hash, bypassing standard security controls and enabling persistent account access.
7 views•5 min read
•about 13 hours ago•GHSA-C2C9-MFW7-P8HW
5.3GHSA-C2C9-MFW7-P8HW: Cross-Workspace Chatflow Disclosure in Flowise
An Incorrect Authorization vulnerability in Flowise versions up to 3.1.1 allows cross-workspace information disclosure. The `/api/v1/chatflows/apikey/:apikey` endpoint fails to scope database queries by workspace, exposing unprotected chatflow configurations, LLM prompts, and application metadata across the entire instance.
6 views•4 min read
•about 15 hours ago•CVE-2026-46333
7.1CVE-2026-46333: Local Information Disclosure in Linux Kernel Process Exit Path
CVE-2026-46333 is a high-severity race condition in the Linux kernel process management subsystem, specifically involving the get_dumpable() logic during process exit. Local attackers can exploit this timing window to hijack file descriptors belonging to privileged SUID/SGID processes, leading to the disclosure of sensitive files such as SSH private keys and shadow password hashes.
37 views•6 min read
•about 16 hours ago•GHSA-9QV9-8XV6-5P35
7.0GHSA-9qv9-8xv6-5p35: Unauthenticated Password Reset and Enumeration Flaw in phpMyFAQ
phpMyFAQ versions 4.1.2 and prior contain a critical logic flaw in the REST API password recovery mechanism. The endpoint processes password resets in a single, unauthenticated step, allowing remote attackers to forcefully change database credentials for arbitrary accounts while facilitating user enumeration through observable response discrepancies.
4 views•6 min read
•about 24 hours ago•GHSA-XVP4-PHQJ-CJR3
8.8GHSA-XVP4-PHQJ-CJR3: Insecure Direct Object Reference (IDOR) Leading to Account Takeover in phpMyFAQ
phpMyFAQ versions prior to 4.1.3 contain a critical Insecure Direct Object Reference (IDOR) vulnerability within the administration API. An authenticated attacker with basic user-edit privileges can exploit this flaw to overwrite the password of any higher-privileged user, including the SuperAdmin account. This leads to complete application compromise.
5 views•6 min read
•about 24 hours ago•GHSA-GP95-J463-VV28
7.5GHSA-GP95-J463-VV28: Authentication Bypass via Insecure Default Token in phpMyFAQ REST API
phpMyFAQ contains an authentication bypass vulnerability within its REST API architecture introduced in version 4.0. The vulnerability stems from insecure default initialization of the API client token to an empty string, coupled with flawed comparative logic in the authentication controller. This allows unauthenticated remote attackers to bypass authorization checks and interact with administrative API endpoints.
4 views•6 min read