CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 18 hours ago • CVE-2026-45091 • 9.1

CVE-2026-45091: Cleartext TOTP Secret Exposure in sealed-env JWS Tokens

The sealed-env library incorrectly embeds operator TOTP secrets in the unencrypted Base64-encoded payload of minted JWS tokens, allowing unauthenticated attackers to extract credentials and bypass multi-factor authentication controls.

Alon Barad • 14 views • 4 min read
about 19 hours ago • CVE-2026-32686 • 6.9

CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal

The ericmj/decimal Elixir library suffers from an uncontrolled resource consumption vulnerability. Parsing a decimal string with an exceptionally large exponent succeeds with minimal memory overhead, but a subsequent arithmetic operation or string-formatting call attempts to materialize the expanded value. This exhausts BEAM virtual machine memory, causing an immediate denial of service.

Amit Schendel • 9 views • 6 min read
1 day ago • CVE-2026-43284 • 8.8

CVE-2026-43284: "Dirty Frag" Local Privilege Escalation via Linux Kernel Page Cache Corruption

CVE-2026-43284, identified as "Dirty Frag", is a critical local privilege escalation vulnerability in the Linux kernel's handling of shared socket buffer fragments during Encapsulating Security Payload (ESP) decryption. The flaw permits unprivileged local adversaries to corrupt the Linux page cache, establishing a write-what-where primitive that can be leveraged to overwrite read-only system files such as /etc/passwd and achieve immediate root privilege escalation.

Alon Barad • 133 views • 7 min read
1 day ago • CVE-2026-45321 • 9.6

CVE-2026-45321: Critical Supply Chain Compromise in @tanstack Packages via GitHub Actions Misconfiguration

On May 11, 2026, threat actors executed a multi-stage supply chain attack against the @tanstack ecosystem. By exploiting a pull_request_target misconfiguration in GitHub Actions, attackers poisoned build caches and extracted OIDC tokens from memory. This allowed the unauthorized publication of 84 malicious package versions containing credential-stealing malware.

Amit Schendel • 452 views • 7 min read
1 day ago • CVE-2026-27478 • 9.1

CVE-2026-27478: Authentication Bypass via Dynamic JWKS Discovery in Unity Catalog

Unity Catalog version 0.4.0 and prior contains a critical authentication bypass vulnerability in the token exchange endpoint. The server dynamically fetches JSON Web Key Sets (JWKS) based on unverified 'iss' (issuer) claims within incoming JSON Web Tokens (JWTs), allowing unauthenticated attackers to forge tokens and impersonate arbitrary users.

Alon Barad • 8 views • 6 min read
1 day ago • GHSA-MHWJ-73QX-JQXM • 9.8

GHSA-MHWJ-73QX-JQXM: Prototype Pollution in @theecryptochad/merge-guard via deepMerge()

The `@theecryptochad/merge-guard` JavaScript package version 1.0.0 is vulnerable to Prototype Pollution. The `deepMerge()` function fails to validate input keys during recursive object merging, allowing attackers to inject malicious properties into the global `Object.prototype` via the `__proto__` accessor. This alteration of global state can lead to Denial of Service, business logic bypass, or Remote Code Execution, depending on whether susceptible gadget chains are present in the application.

Amit Schendel • 10 views • 8 min read
1 day ago • CVE-2026-40217 • 8.8

CVE-2026-40217: Remote Code Execution via Sandbox Escape in LiteLLM

LiteLLM, an open-source LLM proxy, contains a critical sandbox escape vulnerability in its guardrail testing endpoint. An authenticated attacker can bypass regex-based source-code filtering by leveraging Python object hierarchy traversal and runtime bytecode manipulation, leading to arbitrary code execution as the process owner.

Alon Barad • 15 views • 8 min read
1 day ago • CVE-2026-44643 • 9.3

CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions

CVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor.

Amit Schendel • 20 views • 5 min read
2 days ago • CVE-2026-44340 • 8.7

CVE-2026-44340: Arbitrary File Write via Symlink Traversal in PraisonAI Tar Extraction

PraisonAI versions prior to 4.6.37 contain a path traversal vulnerability in the `_safe_extractall` function. The flaw allows an attacker to write arbitrary files outside the intended extraction directory via maliciously crafted tar archives containing unresolved symbolic links.

Alon Barad • 8 views • 7 min read
4 days ago • CVE-2023-49316 • 7.5

CVE-2023-49316: Denial of Service via Unbounded Degree in phpseclib Binary Finite Fields

The phpseclib cryptographic library version 3.x prior to 3.0.34 contains a Denial of Service (DoS) vulnerability in its mathematical field generation logic. When parsing maliciously crafted X.509 certificates or PKCS#8 private keys specifying Elliptic Curve parameters over a binary finite field, the library fails to validate the degree parameter. This flaw allows a remote attacker to force the PHP application to perform unbounded memory allocations, exhausting server resources and terminating the application worker process.

Alon Barad • 12 views • 6 min read
4 days ago • GHSA-MV93-W799-CJ2W • 7.8

GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython

GitPython versions prior to 3.1.50 are vulnerable to a newline injection attack in the `config_writer()` and `set_value()` methods. An incomplete fix for CVE-2026-44244 failed to sanitize the configuration section parameter, allowing an attacker to inject malicious Git configuration blocks such as `[core]` and override the `hooksPath`. This leads to unauthenticated remote code execution when subsequent Git operations trigger the injected hooks.

Amit Schendel • 17 views • 8 min read
4 days ago • CVE-2026-6860 • 5.3

CVE-2026-6860: Unbounded SNI Cache Growth in Eclipse Vert.x

Eclipse Vert.x suffers from an uncontrolled resource consumption vulnerability within its Server Name Indication (SNI) processing logic. When server-side SNI is enabled alongside a wildcard TLS certificate, unauthenticated remote attackers can exhaust server memory by initiating handshakes with a continuous stream of unique hostname values, ultimately resulting in a Denial of Service (DoS).

Alon Barad • 15 views • 8 min read

Automated vulnerability intelligence. 1,720+ reports.