CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

21 minutes ago • GHSA-R7W7-9XR2-QQ2R • Severity 3.1

GHSA-R7W7-9XR2-QQ2R: Server-Side Request Forgery via DNS Rebinding in langchain-openai

A Server-Side Request Forgery (SSRF) vulnerability exists in the langchain-openai package before version 1.1.14 due to a Time-of-Check Time-of-Use (TOCTOU) race condition in the image token calculation logic. The _url_to_size function evaluates URL safety and performs the HTTP fetch using separate DNS resolutions, permitting a DNS rebinding attack.

Amit Schendel • 0 views • 7 min read
about 4 hours ago • GHSA-F3G8-9XV5-77GV • Severity 5.1

GHSA-f3g8-9xv5-77gv: Open Redirect in Saltcorn via Incomplete URL Validation

The @saltcorn/server package contains an open redirect vulnerability (CWE-601) in the login route. An attacker can craft a malicious URL using backslashes to bypass the application's relative URL validation logic, resulting in the redirection of authenticated users to arbitrary external domains.

Amit Schendel • 2 views • 6 min read
about 5 hours ago • CVE-2026-6270 • Severity 9.1

CVE-2026-6270: Authentication Bypass via Middleware Interpretation Conflict in Fastify Middie

CVE-2026-6270 is a critical authentication and authorization bypass vulnerability affecting the Fastify ecosystem, specifically `@fastify/middie` and `@fastify/fastify-express`. The flaw arises from an interpretation conflict in middleware path propagation, allowing unauthenticated requests to bypass security guards and access protected child plugin routes.

Amit Schendel • 2 views • 7 min read
about 7 hours ago • CVE-2026-39857 • Severity 5.3

CVE-2026-39857: Information Disclosure via Authorization Bypass in ApostropheCMS REST API

ApostropheCMS versions 4.28.0 and prior contain an authorization bypass vulnerability in the REST API's 'choices' and 'counts' query builders. These parameters execute MongoDB aggregation operations that bypass configured public API projections, permitting unauthenticated attackers to extract distinct values for restricted schema fields.

Alon Barad • 4 views • 6 min read
about 13 hours ago • CVE-2026-33824 • Severity 9.8

CVE-2026-33824: Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability

A double-free vulnerability in the Windows IKE Extension service allows unauthenticated remote attackers to achieve arbitrary code execution with SYSTEM privileges by sending malformed IKEv2 payloads.

Alon Barad • 10 views • 6 min read
about 14 hours ago • GHSA-33R3-4WHC-44C2 • Severity 8.6

GHSA-33R3-4WHC-44C2: Path Traversal and Arbitrary File Write in vite-plus/binding

A path traversal vulnerability exists in the `vite-plus/binding` component of the `vite-plus` npm package prior to version 0.1.17. The `downloadPackageManager()` function fails to validate the `version` parameter, allowing programmatic attackers to escape the `VP_HOME` directory, overwrite arbitrary directories, and write executable shims to unintended filesystem locations.

Alon Barad • 2 views • 7 min read
about 16 hours ago • CVE-2026-33805 • Severity 9.0

CVE-2026-33805: Connection Header Abuse in @fastify/reply-from and @fastify/http-proxy

A logic flaw in the header processing pipeline of @fastify/reply-from and @fastify/http-proxy allows unauthenticated remote attackers to bypass access controls or subvert routing. By manipulating the HTTP Connection header, clients can force the proxy to remove security-critical headers injected by the developer via the rewriteRequestHeaders hook.

Amit Schendel • 3 views • 6 min read
about 17 hours ago • CVE-2026-33807 • Severity 9.1

CVE-2026-33807: Middleware Bypass via Path Interpretation Conflict in @fastify/express

A critical vulnerability exists in @fastify/express versions 4.0.4 and earlier where an interpretation conflict causes middleware paths to be incorrectly calculated during plugin inheritance. This flaw allows unauthenticated remote attackers to bypass security middleware, such as authentication and authorization controls, on specific routes defined within child plugin scopes.

Alon Barad • 1 view • 6 min read
about 17 hours ago • CVE-2026-40175 • Severity 10.0

CVE-2026-40175: Header Injection in Axios via Prototype Pollution Gadget

CVE-2026-40175 is a critical Header Injection vulnerability in the Axios HTTP client library. It functions as an exploitation gadget in Prototype Pollution attack chains, enabling HTTP request smuggling and splitting. This flaw allows attackers to bypass SSRF mitigations and achieve full cloud compromise via internal service interactions.

Alon Barad • 14 views • 5 min read
about 17 hours ago • CVE-2026-33808 • Severity 9.1

CVE-2026-33808: Authentication Bypass via Path Normalization Drift in @fastify/express

An interpretation conflict (CWE-436) in @fastify/express up to version 4.0.4 allows unauthenticated attackers to bypass path-scoped middleware. By exploiting normalization drift between the Fastify router and the Express middleware engine using duplicate slashes or semicolon delimiters, attackers can access protected endpoints.

Amit Schendel • 3 views • 8 min read
about 18 hours ago • CVE-2026-33825 • Severity 7.8

CVE-2026-33825: Local Privilege Escalation via TOCTOU in Microsoft Defender Signature Updates (BlueHammer)

CVE-2026-33825, publicly referred to as BlueHammer, is a high-severity local privilege escalation vulnerability within the Microsoft Defender Antimalware Platform. The flaw stems from insufficient access control granularity and a Time-of-Check to Time-of-Use (TOCTOU) race condition during signature updates, enabling a standard user to obtain NT AUTHORITY\SYSTEM privileges.

Alon Barad • 15 views • 7 min read
about 18 hours ago • GHSA-VP22-38M5-R39R • Severity 7.8

CVE-2026-33139: Arbitrary Code Execution via Sandbox Bypass in PySpector Plugin Validation

PySpector versions 0.1.6 and earlier contain a critical vulnerability in the plugin security validation system. An incomplete Abstract Syntax Tree (AST) analysis allows attackers to bypass the restrictive sandbox using indirect function calls. Successful exploitation leads to unauthenticated arbitrary code execution on the system running the static analysis scanner.

Alon Barad • 3 views • 5 min read

Automated vulnerability intelligence. 1,522+ reports.