•about 6 hours ago•GHSA-G72G-R7M4-9X4G
6.3GHSA-G72G-R7M4-9X4G: Insufficient Session Expiration of OAuth Tokens in NocoDB
NocoDB is subject to an insufficient session expiration vulnerability where OAuth access and refresh tokens are not invalidated or revoked during security-sensitive actions such as password changes, forgot-password requests, or password resets. This allows an attacker possessing an active OAuth token to maintain unauthorized persistence.
5 views•6 min read
•about 8 hours ago•GHSA-FGMC-2HQJ-86V4
6.9GHSA-FGMC-2HQJ-86V4: Default Administrative Credentials in vantage6-server
A vulnerability in the vantage6 federated learning framework allows unauthenticated remote attackers to gain administrative control of the server via hardcoded default credentials (root/root) when deployed under default configurations in versions 4.2.3 and below.
7 views•5 min read
•about 9 hours ago•GHSA-X9F6-9RVM-MMRG
6.9GHSA-X9F6-9RVM-MMRG: Improper Access Control and Volume Mount Isolation Bypass in vantage6 Node
An improper access control vulnerability in the vantage6 node component allows concurrently running algorithm containers to read and modify sensitive input and output files of other tasks. The lack of strict workspace directory isolation exposes a significant attack surface in multi-tenant or federated environments where untrusted algorithms are executed.
4 views•4 min read
•about 13 hours ago•CVE-2026-47760
8.7CVE-2026-47760: Cross-Site Scripting (XSS) via SVG Namespace Sanitizer Bypass in TinyMCE
TinyMCE versions 6.8.0 through 7.0.1 contain a high-severity Cross-Site Scripting (XSS) vulnerability. The flaw exists in the custom HTML parser and sanitizer module, which incorrectly manages SVG namespace scopes when parsing nested elements. A low-privileged or unauthenticated attacker can submit a crafted HTML payload containing nested SVG structures to bypass sanitization filters, leading to arbitrary JavaScript execution in the context of the victim's browser session.
13 views•7 min read
•about 14 hours ago•CVE-2026-47759
8.7CVE-2026-47759: Stored Cross-Site Scripting (XSS) via Unsanitized data-mce-* Serialization Bypass in TinyMCE
CVE-2026-47759 is a critical stored Cross-Site Scripting (XSS) vulnerability affecting multiple active branches of the TinyMCE rich text editor. The flaw resides in the editor's handling of user-controlled, prefixed internal attributes, such as data-mce-href, data-mce-src, and data-mce-style. When processing raw HTML inputs, TinyMCE's internal validation schema neglects to inspect these custom prefixed attributes. During HTML serialization, the editor's engine extracts these unsanitized values and copies them back into standard executable attributes, overwriting any previously sanitized standard values and leading to execution of arbitrary code.
8 views•7 min read
•about 14 hours ago•CVE-2026-47762
8.7CVE-2026-47762: Stored Cross-Site Scripting (XSS) in TinyMCE Protect Pattern Restoration
A high-severity stored Cross-Site Scripting (XSS) vulnerability was identified in the TinyMCE rich text editor. The flaw exists in the handling of the 'protect' configuration option, where forged placeholder comments containing malicious payloads bypass the editor's sanitization routines and execute arbitrary JavaScript during serialization and content restoration.
7 views•8 min read
•about 15 hours ago•CVE-2026-47742
6.5CVE-2026-47742: Missing Authorization and Client-Side Property Tampering in Shopper E-commerce Panel
An authorization bypass and client-side property tampering vulnerability (CVE-2026-47742) in the Shopper headless admin panel (built on Laravel and Livewire) allows low-privileged users to modify arbitrary product records (Insecure Direct Object Reference). This occurs due to unlocked public model properties and a complete lack of access control checks on mutating sub-form store methods.
7 views•5 min read
•about 15 hours ago•CVE-2026-47745
6.5CVE-2026-47745: Missing Authorization in Shopper Admin Panel Settings
Shopper is an open-source headless e-commerce administration panel built on Laravel, Livewire, and Filament. Prior to version 2.8.0, the admin tables for PaymentMethods, Currencies, and Carriers exposed inline toggles and per-record actions that could be modified by any authenticated user without verifying the corresponding administrative permissions on the backend.
6 views•6 min read
•about 16 hours ago•CVE-2026-47715
3.1CVE-2026-47715: Insecure Direct Object Reference (IDOR) / Cross-Project Authorization Bypass in Bugsink
An Insecure Direct Object Reference (IDOR) vulnerability in Bugsink (versions < 2.2.0) allows authenticated users with access to at least one project to view sensitive event details (including stack traces, local/environment variables, and execution breadcrumbs) belonging to other projects, by supplying a known event UUID directly to the issue event URL paths.
5 views•7 min read
•about 16 hours ago•CVE-2026-47716
3.1CVE-2026-47716: Broken Object Level Authorization in Bugsink Bulk Issue Actions
Bugsink prior to version 2.2.0 is vulnerable to Broken Object Level Authorization (BOLA). The issue list view authorizes access based on the project in the URL path but applies requested bulk actions to submitted issue UUIDs globally, without verifying project ownership.
5 views•6 min read
•about 17 hours ago•CVE-2026-47728
4.3CVE-2026-47728: Multi-Tenant Isolation Bypass via Unscoped Debug ID Resolution in Bugsink
A critical authorization bypass vulnerability in Bugsink prior to version 2.2.0 allows authenticated users to access and resolve sourcemaps and debug files belonging to other projects on the same instance.
5 views•6 min read
•about 17 hours ago•GHSA-5X67-J5XG-C5GJ
4.3GHSA-5X67-J5XG-C5GJ: Denial of Service via Uncontrolled Resource Consumption in Bugsink Ingestion Pipeline
Bugsink, a Sentry-compatible self-hosted error tracker written in Python and Django, is vulnerable to a denial of service (DoS) in versions up to and including 2.2.1. The system's ingestion pipeline historically processed every metadata tag supplied with an incoming error event without bounding the maximum number of tags. Because database writes are serialized in Bugsink's typical single-writer architecture, a single event payload carrying an excessive number of tags can monopolize the database write lock, halting event processing for all other users.
6 views•6 min read