•25 minutes ago•CVE-2026-26061
8.7CVE-2026-26061: Unauthenticated Denial of Service via Unbounded Memory Allocation in Fleet
Fleet device management software versions prior to 4.81.0 are vulnerable to an unauthenticated denial-of-service (DoS) attack. The vulnerability stems from a failure to enforce size limits on HTTP request bodies at specific osquery logging and telemetry endpoints, allowing remote attackers to exhaust server memory.
1 views•5 min read
•about 1 hour ago•CVE-2026-32695
6.3CVE-2026-32695: Ingress Rule Injection and Host Restriction Bypass in Traefik
Traefik Kubernetes providers (Knative, Ingress, and Ingress-NGINX) fail to properly sanitize user-controlled input during the generation of internal routing rules. This improper neutralization allows authenticated users to inject arbitrary Domain-Specific Language (DSL) syntax via unescaped string interpolation. Exploitation enables malicious tenants to bypass host restrictions and intercept cross-tenant traffic in multi-tenant cluster environments.
0 views•7 min read
•about 3 hours ago•GHSA-89V5-38XR-9M4J
Not AssignedGHSA-89V5-38XR-9M4J: Multiple Server-Side Request Forgery (SSRF) Vectors in Postiz
Postiz versions prior to v2.21.2 are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs across multiple application components. Attackers can exploit these flaws in the webhook management, RSS feed parsing, and HTML loading endpoints to force the server into making arbitrary network requests. This allows unauthorized access to internal network resources, local services, and cloud environment metadata.
2 views•6 min read
•about 3 hours ago•CVE-2026-28786
4.3CVE-2026-28786: Path Traversal and Information Disclosure in Open WebUI Audio Transcriptions
Open WebUI versions prior to 0.8.6 are vulnerable to path traversal and information disclosure via the audio transcription endpoint. An authenticated attacker can manipulate the multipart form filename to disclose the absolute filesystem path of the internal application directory.
3 views•6 min read
•about 7 hours ago•GHSA-CFP9-W5V9-3Q4H
6.9GHSA-CFP9-W5V9-3Q4H: Filesystem Sandbox Bypass in OpenClaw Agent Media Tools
The OpenClaw AI agent framework contains a filesystem sandbox bypass vulnerability in its image and pdf tools. Due to improper path resolution and initialization of allowed directories, an attacker can extract sensitive files from the host system via the agent's vision model capabilities, bypassing the tools.fs.workspaceOnly security policy.
4 views•7 min read
•about 8 hours ago•GHSA-7XR2-Q9VF-X4R5
8.8GHSA-7XR2-Q9VF-X4R5: Symlink Traversal via IDENTITY.md in OpenClaw
The openclaw npm package version 2026.2.25 and earlier contains a symlink traversal vulnerability due to an incomplete fix for CVE-2026-32013. The vulnerability exists in the agents.create and agents.update methods, allowing an authenticated attacker to append arbitrary data to restricted system files.
4 views•7 min read
•about 9 hours ago•GHSA-HFF2-GCPX-8F4P
2.3GHSA-HFF2-GCPX-8F4P: Apollo Router Core XS-Search Bypass via Read-Only CSRF
Apollo Router Core versions prior to 2.12.1 contain a vulnerability where a browser-specific bug bypasses Cross-Site Request Forgery (CSRF) protections, enabling Cross-Site Search (XS-Search) attacks on read-only queries. The issue requires specific authentication schemes and non-standard browser behavior to exploit.
4 views•6 min read
•about 9 hours ago•GHSA-6P22-Q7W5-33PG
3.3CVE-2026-25969: Local Denial of Service via Memory Leak in ImageMagick ASHLAR Coder
A memory management flaw in the ASHLAR tiling layout engine within ImageMagick and its Magick.NET wrapper results in a memory leak. Processing specially crafted images causes the application to consume excessive heap memory, ultimately leading to a local denial-of-service (DoS) condition via an Out-Of-Memory (OOM) state.
3 views•5 min read
•about 10 hours ago•GHSA-9R56-3GJQ-HQF7
3.3GHSA-9R56-3GJQ-HQF7: Memory Leak in ImageMagick META Reader Error Path
ImageMagick and its downstream wrapper libraries, including Magick.NET, contain a memory leak vulnerability in the META reader component. The flaw, identified as CWE-401, resides in the APP1JPEG input and error handling paths within `coders/meta.c`. When processing malformed image profiles, the application fails to release allocated memory structures, allowing an attacker to trigger memory exhaustion and subsequent Denial of Service (DoS) by submitting specially crafted files.
3 views•6 min read
•about 16 hours ago•GHSA-2J22-PR5W-6GQ8
6.5GHSA-2j22-pr5w-6gq8: Cross-Site Scripting Filter Bypass in Loofah allowed_uri?
The Loofah Ruby library version 2.25.0 contains an improper URI validation vulnerability in the allowed_uri? method. Attackers can bypass Cross-Site Scripting (XSS) filters by injecting HTML entity-encoded control characters into URI schemes. This allows execution of arbitrary JavaScript when the maliciously crafted URI is rendered and interacted with in a web browser.
3 views•6 min read
•about 17 hours ago•GHSA-PRH4-VHFH-24MJ
5.3GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs
Harbor, an open-source cloud native registry, contains a Moderate severity vulnerability (CWE-532) in its audit logging subsystem. The application relies on an incomplete blacklist to redact sensitive data from configuration payloads. This failure causes LDAP passwords, specifically `ldap_search_password`, and OpenID Connect (OIDC) client secrets to be written to the database in plain text within the operation description field. This vulnerability allows authorized users with audit log access to retrieve enterprise directory credentials.
3 views•6 min read
•about 18 hours ago•GHSA-C7W3-X93F-QMM8
9.8GHSA-C7W3-X93F-QMM8: SMTP Command Injection in Nodemailer via CRLF Sequences
Nodemailer, a widely utilized Node.js package for email transmission, contains a critical input validation vulnerability. The software fails to sanitize the `envelope.size` parameter, permitting attackers to inject arbitrary SMTP commands via CRLF sequences. This flaw facilitates unauthorized email distribution, bypassing of application-level recipient controls, and internal SMTP reconnaissance.
10 views•6 min read