•about 5 hours ago•CVE-2026-39804
8.2CVE-2026-39804: Remote Code Execution and DoS via Bandit WebSocket Permessage-Deflate Resource Exhaustion
CVE-2026-39804 is a critical resource exhaustion vulnerability (CWE-770) affecting the Bandit Elixir HTTP server. By exploiting unbounded DEFLATE decompression in WebSocket frames, an unauthenticated attacker can crash the Erlang VM (BEAM) via a highly compressed decompression bomb.
3 views•5 min read
•about 5 hours ago•CVE-2026-42786
8.7CVE-2026-42786: Unbounded WebSocket Fragmented Message Reassembly Denial of Service in Bandit
An unauthenticated remote denial of service vulnerability exists in the Bandit HTTP server due to unbounded resource allocation during WebSocket fragment reassembly. Attackers can trigger complete memory exhaustion by streaming continuous WebSocket frames without the finalization bit, causing the Erlang virtual machine to crash.
3 views•6 min read
•about 5 hours ago•CVE-2026-20188
7.5CVE-2026-20188: Uncontrolled Resource Consumption in Cisco CNC and NSO
Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) contain a high-severity denial-of-service vulnerability due to inadequate connection rate limiting. Exploitation results in resource exhaustion requiring a manual reboot for recovery.
8 views•6 min read
•about 6 hours ago•CVE-2026-39805
6.3CVE-2026-39805: CL.CL HTTP Request Smuggling in Bandit Web Server
The Bandit HTTP server for Elixir versions prior to 1.11.0 fails to correctly process requests containing multiple Content-Length headers. This inconsistent interpretation creates a CL.CL HTTP request smuggling vulnerability when Bandit is deployed behind a reverse proxy that parses the headers differently. Attackers exploit this desynchronization to smuggle secondary HTTP requests past edge security controls.
2 views•7 min read
•about 6 hours ago•CVE-2026-39807
6.3CVE-2026-39807: Transport-State Spoofing via Untrusted URI Scheme in Bandit HTTP Server
The Bandit HTTP server prior to version 1.11.0 contains a transport-state spoofing vulnerability. The application incorrectly prioritizes the client-supplied URI scheme over the verified transport-layer encryption status. This allows unauthenticated attackers to spoof the connection state as secure (HTTPS) over a plaintext connection, bypassing security middleware and exposing secure cookies.
3 views•4 min read
•about 7 hours ago•CVE-2026-42788
6.9CVE-2026-42788: HTTP/2 Frame Size Limit Bypass and Memory Exhaustion in Bandit
CVE-2026-42788 is a critical resource management vulnerability in the Bandit HTTP server for Elixir. The flaw exists within the HTTP/2 frame deserialization logic, where binary pattern matching defers size validation until after memory allocation. This allows an unauthenticated remote attacker to cause memory exhaustion and Denial of Service by transmitting oversized HTTP/2 frames.
4 views•6 min read
•about 7 hours ago•GHSA-MMPX-JH39-WRV6
5.4GHSA-MMPX-JH39-WRV6: Stored Cross-Site Scripting in FileBrowser Quantum via SVG Rendering
FileBrowser Quantum versions prior to v1.3.1-stable and v1.3.9-beta are vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability manifests when the application serves user-uploaded Scalable Vector Graphics (SVG) files with the `inline` parameter. Due to the absence of a restrictive Content-Security-Policy (CSP) header, modern browsers execute embedded JavaScript within the application's origin context.
3 views•6 min read
•about 9 hours ago•GHSA-FPF5-4JW8-67X8
7.5GHSA-FPF5-4JW8-67X8: Unbounded Memory Allocation in rust-zserio
A critical vulnerability exists in the rust-zserio crate regarding how auto-generated deserialization routines handle variable-length structures. By supplying a maliciously crafted Zserio bitstream with an artificially inflated size header, an attacker can force the application to request massive memory allocations, resulting in an Out-of-Memory (OOM) panic and process termination.
5 views•7 min read
•about 9 hours ago•GHSA-FC67-C4HG-Q653
7.2CVE-2026-7461: OS Command Injection in Amazon ECS Agent for Windows via FSx Volume Credentials
A high-severity OS command injection vulnerability exists in the Amazon ECS Agent for Windows (versions 1.47.0 to 1.102.0) that permits an authenticated attacker with task definition creation privileges to execute arbitrary commands as the SYSTEM user via crafted FSx Windows File Server volume credentials.
3 views•7 min read
•about 15 hours ago•GHSA-9G2Q-W3W2-VF7Q
N/AGHSA-9G2Q-W3W2-VF7Q: Improper Authorization and IDOR in Kimai Timesheet Management
Kimai versions prior to 2.56.0 contain an Improper Authorization vulnerability that functions as an Insecure Direct Object Reference (IDOR). The vulnerability exists in the TimesheetVoter component, which fails to verify team associations when processing authorization requests. This allows authenticated users with the ROLE_TEAMLEAD privilege to read, modify, or delete timesheets belonging to users in completely unrelated teams.
14 views•6 min read
•about 16 hours ago•GHSA-VRQV-52X7-RM4V
Not ProvidedGHSA-VRQV-52X7-RM4V: Information Exposure via Unrestricted Twig config() Function in Kimai
Kimai versions up to 2.55.0 suffer from an information exposure vulnerability where the custom Twig `config()` function lacks sufficient sandbox restrictions. This flaw allows users with template upload privileges to extract sensitive server-wide configuration values, such as LDAP credentials and SAML private keys, by rendering them into exported invoices or documents.
7 views•6 min read
•about 17 hours ago•CVE-2024-27354
7.5CVE-2024-27354: Computational Denial of Service via Unbounded Primality Testing in phpseclib
A computational Denial of Service (DoS) vulnerability in phpseclib allows unauthenticated attackers to exhaust CPU resources by supplying malformed X.509 certificates. The vulnerability arises from missing bit-length upper bounds in the Miller-Rabin primality test implementation when evaluating explicit elliptic curve field parameters.
12 views•6 min read