•about 6 hours ago•CVE-2026-35402
2.3CVE-2026-35402: Improper Access Control in mcp-neo4j-cypher via Stored Procedure Bypass
CVE-2026-35402 is an improper access control vulnerability in the mcp-neo4j-cypher server. The application implements a read-only mode using a regex-based keyword blocklist, which fails to restrict execution of Cypher stored procedures via the CALL keyword. This allows authenticated users or LLM agents to bypass restrictions, potentially leading to unauthorized data modification and Server-Side Request Forgery.
5 views•5 min read
•about 6 hours ago•GHSA-JP74-MFRX-3QVH
9.9GHSA-jp74-mfrx-3qvh: Authenticated SQL Injection in Saltcorn Mobile Sync Endpoints
A high-severity SQL injection vulnerability in the Saltcorn `@saltcorn/server` package allows low-privileged, authenticated users to execute arbitrary SQL commands. The flaw resides in the `/sync/load_changes` endpoint, where user-controlled input is directly interpolated into database queries without sanitization.
4 views•7 min read
•about 7 hours ago•GHSA-92JP-89MQ-4374
9.8GHSA-92JP-89MQ-4374: Unauthenticated Sandbox Access and Context Leakage in OpenClaw
OpenClaw versions prior to 2026.4.9 suffer from an improper middleware configuration and a sensitive information exposure flaw. This combination allows unauthenticated remote attackers to bypass authorization controls and gain interactive access to the application's sandboxed browser sessions via noVNC.
6 views•8 min read
•about 14 hours ago•GHSA-3G92-F9CH-QJCM
4.0GHSA-3G92-F9CH-QJCM: Cryptographic Hash Collision in Plonky3 p3-symmetric Sponge Construction
The `p3-symmetric` crate in the Plonky3 library implements sponge-based hash functions using cryptographic permutations. Prior to the patch, the library provided a `PaddingFreeSponge` implementation that utilized an overwrite-mode sponge construction without mandatory padding. This construction is not collision-resistant for variable-length inputs, allowing attackers to generate identical internal states for messages of different lengths.
6 views•6 min read
•about 15 hours ago•GHSA-FV5P-P927-QMXR
6.5GHSA-FV5P-P927-QMXR: SSRF via Redirect Bypass in LangChain HTMLHeaderTextSplitter
The `langchain-text-splitters` package prior to version 0.3.5 is vulnerable to Server-Side Request Forgery (SSRF) in the `HTMLHeaderTextSplitter.split_text_from_url` method. The vulnerability arises from an incomplete validation mechanism that checks the initial URL but fails to restrict subsequent HTTP redirects, allowing an attacker to access restricted internal resources and cloud metadata services.
5 views•6 min read
•about 21 hours ago•CVE-2026-33116
7.5CVE-2026-33116: Denial of Service via XML Encryption Circular References in .NET
CVE-2026-33116 is a critical Denial of Service (DoS) vulnerability in the .NET System.Security.Cryptography.Xml namespace. It allows an unauthenticated remote attacker to cause CPU exhaustion and thread hangs by supplying a crafted XML document with circular encrypted references.
8 views•5 min read
•about 21 hours ago•CVE-2026-32203
7.5CVE-2026-32203: Stack-based Buffer Overflow in .NET Cryptography XML Processing
Microsoft .NET and Visual Studio contain a stack-based buffer overflow vulnerability within the System.Security.Cryptography.Xml library. The flaw occurs due to unbounded recursion when processing deeply nested XML-based cryptographic structures, allowing unauthenticated attackers to cause a Denial of Service (DoS) via process exhaustion.
9 views•6 min read
•about 21 hours ago•CVE-2026-32178
7.5CVE-2026-32178: SMTP Header Injection and Protocol Smuggling in .NET System.Net.Mail
CVE-2026-32178 is a high-severity spoofing and protocol smuggling vulnerability in the Microsoft .NET runtime and Visual Studio. The flaw stems from inadequate neutralization of carriage return and line feed (CRLF) characters within the System.Net.Mail namespace, permitting attackers to inject unauthorized SMTP headers and manipulate email routing logic.
5 views•7 min read
•about 21 hours ago•CVE-2026-26171
7.5CVE-2026-26171: Denial of Service in .NET System.Security.Cryptography.Xml
Uncontrolled resource consumption and improper restriction of XML External Entity (XXE) references within the .NET System.Security.Cryptography.Xml.EncryptedXml class allow an unauthenticated remote attacker to cause a Denial of Service (DoS) via maliciously crafted encrypted XML payloads.
5 views•7 min read
•about 24 hours ago•GHSA-R7W7-9XR2-QQ2R
3.1GHSA-R7W7-9XR2-QQ2R: Server-Side Request Forgery via DNS Rebinding in langchain-openai
A Server-Side Request Forgery (SSRF) vulnerability exists in the langchain-openai package before version 1.1.14 due to a Time-of-Check Time-of-Use (TOCTOU) race condition in the image token calculation logic. The _url_to_size function evaluates URL safety and performs the HTTP fetch using separate DNS resolutions, permitting a DNS rebinding attack.
4 views•7 min read
•1 day ago•GHSA-F3G8-9XV5-77GV
5.1GHSA-f3g8-9xv5-77gv: Open Redirect in Saltcorn via Incomplete URL Validation
The @saltcorn/server package contains an open redirect vulnerability (CWE-601) in the login route. An attacker can craft a malicious URL using backslashes to bypass the application's relative URL validation logic, resulting in the redirection of authenticated users to arbitrary external domains.
6 views•6 min read
•1 day ago•CVE-2026-6270
9.1CVE-2026-6270: Authentication Bypass via Middleware Interpretation Conflict in Fastify Middie
CVE-2026-6270 is a critical authentication and authorization bypass vulnerability affecting the Fastify ecosystem, specifically `@fastify/middie` and `@fastify/fastify-express`. The flaw arises from an interpretation conflict in middleware path propagation, allowing unauthenticated requests to bypass security guards and access protected child plugin routes.
5 views•7 min read