•about 12 hours ago•CVE-2026-9354
6.9CVE-2026-9354: Arbitrary Mass Mention Bypass in NousResearch hermes-agent Slack and Mattermost Adapters
A vulnerability in the Slack and Mattermost platform adapters for NousResearch hermes-agent permits an unauthenticated remote attacker to execute arbitrary mass mentions. By leveraging prompt injection, an attacker can bypass output sanitization logic and trigger workspace-wide notification exhaustion.
15 views•6 min read
•about 21 hours ago•CVE-2026-9306
6.3CVE-2026-9306: Unauthenticated Insecure Direct Object Reference (IDOR) in QuantumNous new-api Midjourney Relay
CVE-2026-9306 is a critical unauthenticated Insecure Direct Object Reference (IDOR) vulnerability located in the QuantumNous new-api application, affecting versions up to and including 0.12.1. The flaw is caused by improper middleware ordering combined with a lack of object-level authorization checks. This allows remote, unauthenticated attackers to retrieve sensitive Midjourney images belonging to other users by supplying a valid task identifier.
7 views•5 min read
•1 day ago•GHSA-GGXF-37HM-9WQF
6.5GHSA-GGXF-37HM-9WQF: Session Leakage via Unsafe Challenge Path Parsing in instagrapi
The instagrapi library prior to version 2.6.9 contains an improper input validation vulnerability within its challenge handling mechanism. Maliciously crafted server responses can manipulate the client into forwarding session cookies and credentials to an external attacker-controlled domain.
7 views•6 min read
•2 days ago•GHSA-QQQM-5547-774X
9.1GHSA-QQQM-5547-774X: Unauthenticated Path Traversal in FileBrowser Quantum PATCH Handler
GHSA-QQQM-5547-774X is a critical path traversal vulnerability in the FileBrowser Quantum application, specifically within the Go backend package. The vulnerability resides in the HTTP handler responsible for processing bulk file modifications via the public API. Unauthenticated attackers can exploit an order-of-operations flaw in the path sanitization logic to bypass intended directory restrictions. This allows adversaries to arbitrarily read, move, and overwrite files on the underlying filesystem by supplying specially crafted HTTP PATCH requests.
4 views•6 min read
•2 days ago•CVE-2026-8723
5.3CVE-2026-8723: Synchronous Denial of Service in qs npm Package via TypeError
The qs query string parsing and serialization library for Node.js is vulnerable to a synchronous Denial of Service (DoS) attack. The vulnerability manifests as a process-terminating TypeError when processing arrays with null or undefined elements under specific configuration parameters.
17 views•7 min read
•2 days ago•GHSA-7M8F-HGJQ-8GC9
7.5GHSA-7M8F-HGJQ-8GC9: Pre-Authentication Denial of Service via Insecure Deserialization Order in aiosend
The aiosend library prior to version 3.0.6 contains a pre-authentication Denial of Service (DoS) vulnerability in its webhook handling mechanism. The software processes and deserializes incoming JSON payloads before verifying the cryptographic signature, allowing unauthenticated attackers to exhaust server CPU and memory resources by sending large, complex payloads.
3 views•6 min read
•3 days ago•GHSA-JQQ5-8PX3-9M6M
6.2GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders
A heap-based buffer overflow vulnerability exists in the JSON and YAML encoders of ImageMagick and Magick.NET. This issue constitutes an incomplete fix for CVE-2026-40169, resulting in a single-byte out-of-bounds write (off-by-one error) during image metadata serialization.
4 views•6 min read
•3 days ago•GHSA-VF33-6R7X-66XX
3.3GHSA-VF33-6R7X-66XX: Division by Zero and Integer Overflow in ImageMagick Morphology
ImageMagick versions prior to 7.1.1-33 contain an integer overflow vulnerability within the morphology module's binomial kernel generation logic. This integer overflow propagates to yield a division by zero error, resulting in a denial of service.
3 views•6 min read
•3 days ago•GHSA-QV2Q-C278-PCH5
3.7GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick
ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plain text pixel data via XOR operations on ciphertexts.
4 views•5 min read
•3 days ago•CVE-2026-8596
7.2CVE-2026-8596: Remote Code Execution via Cleartext HMAC Key in Amazon SageMaker Python SDK
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to the cleartext storage of a symmetric HMAC signing key in job environment variables. An authenticated attacker with `Describe` permissions can extract this key to forge valid integrity signatures for malicious model artifacts.
4 views•6 min read
•3 days ago•CVE-2026-8597
7.2CVE-2026-8597: Arbitrary Code Execution via Missing Integrity Verification in Amazon SageMaker Python SDK Triton Handler
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to a lack of cryptographic integrity verification in its Triton inference handler. An attacker possessing S3 write permissions can replace legitimate model artifacts with a malicious payload, resulting in code execution within the inference container upon deserialization.
4 views•6 min read
•3 days ago•GHSA-HGV7-V322-MMGR
8.6GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch
The SvelteKit framework contains a critical cross-talk vulnerability within its server-side rendering (SSR) processing logic. The query.batch functionality improperly scopes state variables during concurrent request handling, allowing data intended for one user session to be exposed to another. The issue is resolved in version 2.60.1 by migrating the batching state to a strictly isolated request store.
3 views•7 min read