CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 1 hour ago • GHSA-VRX2-77F2-WW34 • Severity 6.0

GHSA-vrx2-77f2-ww34: Multiple Sanitization Bypasses and DOM Manipulation Flaws in justhtml

The `justhtml` library (versions <= 1.16.0) is vulnerable to multiple security flaws, including cross-site scripting (XSS), mutation XSS (mXSS), CSS injection, and denial-of-service (DoS). These vulnerabilities arise from improper handling of foreign namespaces, incomplete DOM serialization constraints, and a lack of cycle detection in programmatic DOM node manipulation.

Amit Schendel • 0 views • 8 min read
about 2 hours ago • GHSA-2HP7-65R3-WV54 • Severity 9.8

GHSA-2HP7-65R3-WV54: Critical Improper Network Binding in NornicDB Bolt Server

NornicDB versions prior to v1.0.42-hotfix contain a critical improper network binding vulnerability in the Bolt server component. The server fails to honor explicit host binding configurations, instead attaching to the wildcard network interface (0.0.0.0). This exposure permits unauthenticated remote network attackers to connect directly via the Neo4j Bolt protocol and execute arbitrary Cypher queries against the database.

Amit Schendel • 3 views • 6 min read
about 3 hours ago • GHSA-2CJR-5V3H-V2W4 • Severity 5.3

GHSA-2CJR-5V3H-V2W4: Prototype Pollution via Insecure Object.assign in Evolver Mailbox Store

The @evomap/evolver npm package contains a prototype pollution vulnerability in its mailbox persistence logic. Versions prior to 1.69.3 use Object.assign() insecurely when parsing user-controlled updates from local persistence files. Attackers with write access to the persistence store can inject malicious prototype properties, leading to application-wide state manipulation, authorization bypass, or denial of service.

Alon Barad • 2 views • 6 min read
about 7 hours ago • GHSA-J5W5-568X-RQ53 • Severity 9.8

GHSA-J5W5-568X-RQ53: Remote Code Execution via Command Injection in @evomap/evolver

The @evomap/evolver npm package contains a critical command injection vulnerability in its _extractLLM utility function. Applications passing unsanitized input to this function are vulnerable to unauthenticated remote code execution, allowing attackers to execute arbitrary system commands with the privileges of the Node.js process.

Amit Schendel • 8 views • 6 min read
about 8 hours ago • GHSA-R466-RXW4-3J9J • Severity 8.1

GHSA-r466-rxw4-3j9j: Path Traversal and Arbitrary File Write in Evolver fetch Command

The @evomap/evolver npm package prior to version 1.69.3 contains a critical path traversal vulnerability in its `fetch` command. Unsanitized input passed to the `--out` command-line flag allows an attacker to escape the intended directory structure and write arbitrary files to any location writable by the Node.js process.

Amit Schendel • 5 views • 7 min read
about 9 hours ago • GHSA-WGX6-G857-JJF7 • Severity 8.1

GHSA-WGX6-G857-JJF7: Authentication Bypass and Privilege Escalation in OpenC3 COSMOS via Token-Password Interchangeability

OpenC3 COSMOS contains a critical authentication vulnerability where session tokens and user passwords are treated interchangeably by the internal credential verification mechanism. An attacker possessing a valid session token can use that token to bypass the "old password" requirement during a password reset operation. This leads to persistent account takeover and locks the legitimate user out of the affected account.

Amit Schendel • 5 views • 7 min read
about 10 hours ago • GHSA-4JVX-93H3-F45H • Severity: Moderate

GHSA-4jvx-93h3-f45h: Path Traversal and Arbitrary File Write in OpenC3 COSMOS

OpenC3 COSMOS suffers from a path traversal vulnerability in its configuration management system. Insufficient validation of the tool and name parameters allows an attacker to write arbitrary files into the shared plugins directory, compromising system integrity.

Amit Schendel • 5 views • 5 min read
about 11 hours ago • GHSA-FFQ5-QPVF-XQ7X • Severity 5.4

GHSA-ffq5-qpvf-xq7x: Self-Cross-Site Scripting via Unsafe eval() in OpenC3 COSMOS Command Sender

OpenC3 COSMOS versions prior to 7.0.0 contain a vulnerability in the Command Sender UI where array-like command parameters are processed using the unsafe eval() function. This design flaw permits the execution of arbitrary JavaScript within the user's browser context.

Alon Barad • 4 views • 6 min read
about 18 hours ago • GHSA-HPPC-G8H3-XHP3 • Severity 7.5

GHSA-HPPC-G8H3-XHP3: Out-of-Bounds Read via Unchecked Callback Length in rust-openssl

The `openssl` crate for Rust contains a critical memory disclosure vulnerability within its FFI trampolines for Pre-Shared Key (PSK) and TLS/DTLS cookie callbacks. By failing to validate the return length from user-provided closures, the library allows OpenSSL to perform an out-of-bounds read. This flaw enables an unauthenticated remote attacker to extract adjacent heap or stack memory during the TLS handshake process.

Amit Schendel • 13 views • 6 min read
about 18 hours ago • GHSA-MGCP-MFP8-3Q45 • Severity: N/A

GHSA-MGCP-MFP8-3Q45: Path Traversal and URL Injection in i18next-locize-backend

The i18next-locize-backend package prior to version 9.0.2 is vulnerable to path traversal and URL injection via unsanitized template interpolation. Attackers can control parameters such as language or namespace to manipulate API request URLs, potentially leading to arbitrary resource access or local file read.

Alon Barad • 7 views • 7 min read
about 19 hours ago • CVE-2026-41651 • Severity 8.8

CVE-2026-41651: Local Privilege Escalation via TOCTOU Race Condition in PackageKit

CVE-2026-41651, internally tracked as Pack2TheRoot, is a high-severity local privilege escalation vulnerability in the PackageKit daemon (packagekitd). The flaw involves a Time-of-Check Time-of-Use (TOCTOU) race condition in D-Bus transaction handling that permits local unprivileged users to bypass Polkit authorization and install arbitrary packages as root.

Alon Barad • 27 views • 6 min read
about 19 hours ago • CVE-2026-33471 • Severity 9.6

CVE-2026-33471: Consensus Quorum Bypass via Integer Truncation in Nimiq core-rs-albatross

An integer truncation vulnerability in the Nimiq Albatross Proof-of-Stake implementation allows a malicious validator to bypass the 2f+1 consensus quorum requirement. By crafting a BitSet with out-of-bounds indices that alias to the same 16-bit validator slot, an attacker can forge valid multi-signatures to finalize arbitrary blocks or manipulate chain liveness.

Alon Barad • 11 views • 6 min read


Automated vulnerability intelligence. 1,583+ reports.