A critical Elevation of Privilege (EoP) vulnerability exists in the Microsoft.AspNetCore.DataProtection library within ASP.NET Core 10.0. A logic flaw in the cryptographic signature verification routine of the Managed Authenticated Encryptor allows unauthorized attackers to bypass integrity checks by submitting an all-zero HMAC, enabling the forgery of protected payloads such as authentication cookies and antiforgery tokens.
October CMS versions prior to 3.7.16 and 4.1.16 contain an incorrect authorization vulnerability (CWE-863) within the CMS Editor and Tailor Editor extensions. Backend users with generic editor access can bypass granular sub-permission restrictions to perform unauthorized file operations and view directory structures.
Signal K Server prior to version 2.25.0 contains a Regular Expression Denial of Service (ReDoS) vulnerability in its WebSocket subscription handling module. The application dynamically compiles unvalidated user input into regular expressions, allowing unauthenticated remote attackers to trigger catastrophic backtracking in the Node.js V8 engine. This results in complete resource exhaustion and immediate denial of service.
Jupyter nbconvert versions 6.5 through 7.17.0 contain a path traversal vulnerability resulting in arbitrary file write capabilities. The `ExtractAttachmentsPreprocessor` fails to sanitize filenames extracted from notebook cell attachments before constructing output paths. Processing a maliciously crafted Jupyter notebook allows an attacker to write files outside the intended output directory, potentially leading to remote code execution.
Jupyter nbconvert versions 6.5 through 7.17.0 contain a path traversal vulnerability. When the HTMLExporter.embed_images configuration is enabled, the markdown renderer improperly resolves local image paths. This flaw allows an attacker to read arbitrary files from the host system by providing a maliciously crafted Jupyter Notebook containing path traversal sequences in image references.
A fail-open request handling vulnerability in the free5GC UDR service up to version 1.4.2 allows attackers to create invalid or unintended Policy Data notification subscriptions. The application fails to terminate execution upon encountering HTTP body retrieval or JSON deserialization errors, proceeding to process uninitialized data.
OpenBao versions prior to 2.5.3 are vulnerable to a resource exhaustion denial-of-service (DoS) flaw due to unbounded disk writes during OCI plugin extraction. A crafted container image served from a compromised registry acts as a decompression bomb, exhausting host disk space when OpenBao streams the data directly to disk without enforcing size limits.
CVE-2026-40923 is a path traversal vulnerability in Tekton Pipelines, a Kubernetes-native CI/CD framework. The vulnerability allows an authenticated attacker with permissions to create Task or TaskRun resources to bypass VolumeMount path restrictions. By using '..' path traversal components in a mount path, an attacker can mount volumes over restricted internal Tekton directories, potentially leading to the injection of fake task results, modification of execution scripts, or interference with pipeline coordination state.
An uncontrolled resource consumption vulnerability exists in the HTTP resolver component of Tekton Pipelines prior to version 1.11.1. The flaw allows an authenticated attacker to trigger an out-of-memory (OOM) condition by returning an arbitrarily large HTTP response body during pipeline resolution, resulting in a denial of service for all resolution tasks within the Kubernetes cluster.
Tekton Pipelines versions 1.0.0 through 1.11.0 contain a critical argument injection vulnerability in the git resolver component. An attacker with permissions to create ResolutionRequest objects can achieve remote code execution and cluster-wide secret exfiltration by injecting malicious flags into the git fetch command.
OpenBao versions prior to 2.5.3 contain an SQL injection vulnerability in the PostgreSQL database secrets engine. The system fails to quote schema identifiers during dynamic role revocation, allowing a high-privileged attacker to execute arbitrary SQL commands via crafted schema names.
Claude Code versions prior to 2.1.64 contain a sandbox escape vulnerability due to improper handling of symbolic links. Sandboxed processes can create symlinks pointing outside the designated workspace, which the unsandboxed host process subsequently follows during file write operations. This enables arbitrary file writes on the host system, typically exploited via prompt injection.