•about 4 hours ago•GHSA-MQQ7-WXX5-MP8H
3.3GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout
The PrestaShop Checkout (ps_checkout) module prior to version 5.3.0 suffers from an improper input validation vulnerability (CWE-20). This defect allows an attacker to dynamically invoke unauthorized public methods within the application scope by manipulating HTTP request parameters. While categorized as a low-severity flaw due to limited exploitation vectors, it highlights critical risks in dynamic method routing.
2 views•7 min read
•about 15 hours ago•GHSA-83HF-93M4-RGWQ
4.0CVE-2026-42254: Cross-Zone DNS Cache Poisoning in Hickory DNS Recursor
The hickory-recursor crate in Hickory DNS contains a cache poisoning vulnerability due to improper record keying and weak bailiwick validation. This allows a malicious nameserver to inject unauthorized NS records for sibling zones into the global DNS cache, hijacking subsequent queries.
5 views•7 min read
•about 16 hours ago•GHSA-28XX-PPPM-VQFF
7.5GHSA-28xx-pppm-vqff: Silent Data Loss via Uncommitted Transactions in ydb-go-sdk
The `ydb-go-sdk` for Yandex Database suffers from a critical logic vulnerability where transactions are not committed when using the `options.WithCommit()` option on the final `table.Transaction.Execute` call. This implementation flaw forces the SDK to discard the commit instruction before transmission. Consequently, the server processes the query but leaves the transaction open, while the SDK erroneously reports success to the calling application, leading to complete and silent data loss.
4 views•8 min read
•1 day ago•CVE-2026-31431
7.8CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG
CVE-2026-31431, colloquially known as "Copy Fail," is a critical logic flaw in the Linux kernel's Cryptographic API (specifically the `algif_aead` module). It allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the read-only page cache of any accessible file on the system. By corrupting the in-memory representation of SUID binaries, an attacker achieves local privilege escalation to the root user and can successfully escape containerized environments.
722 views•7 min read
•1 day ago•CVE-2026-41680
7.5CVE-2026-41680: Denial of Service via Infinite Recursion in marked Lexer
The marked Node.js Markdown parser versions 18.0.0 and 18.0.1 contain a critical vulnerability where a specific 3-byte sequence triggers infinite recursion. This flaw leads to rapid memory exhaustion and application denial of service.
5 views•6 min read
•1 day ago•GHSA-84G5-X8J3-7235
7.5GHSA-84G5-X8J3-7235: DNS Filter Bypass via Off-by-one Error in Netfoil Suffix Trie
Netfoil versions prior to v0.2.1 contain an off-by-one logic error within the custom suffix trie implementation used for domain matching. This flaw allows an attacker to bypass DNS allowlist configurations by prepending arbitrary characters to approved domain names.
5 views•5 min read
•1 day ago•GHSA-VJGJ-42F6-7997
6.0GHSA-vjgj-42f6-7997: Protection Mechanism Failure via Incomplete Seccomp Sandbox in Netfoil
Netfoil versions prior to v0.2.1 suffer from a protection mechanism failure where the optional seccomp sandbox causes the application to crash or fails to apply due to an incomplete system call whitelist. This flaw neutralizes the intended defense-in-depth mechanisms, leaving the application with standard runtime privileges.
5 views•5 min read
•1 day ago•GHSA-GFG9-5357-HV4C
6.5GHSA-GFG9-5357-HV4C: Local File Read via Unsandboxed Audio Embedding in OpenClaw Gateway
The OpenClaw gateway component prior to version 2026.4.15 contains a Local File Read (LFR) vulnerability due to improper restriction of pathnames to authorized directories. The flaw resides in the webchat audio embedding functionality, which fails to restrict local file resolution to a trusted sandbox directory. An attacker who can influence the media URL of an agent reply can extract arbitrary local files that bypass extension and size filters, exposing sensitive data to the web interface.
8 views•7 min read
•1 day ago•GHSA-C28G-VH7M-FM7V
5.5GHSA-C28G-VH7M-FM7V: Improper Authorization and Privilege Escalation in OpenClaw Command Resolution
OpenClaw contains an improper authorization vulnerability where the framework fails to adequately differentiate between channel-level access rights and administrative command ownership. When a wildcard channel configuration is employed without an explicitly defined owner allowlist, the fallback logic incorrectly grants administrative privileges to any user communicating on that channel.
6 views•7 min read
•2 days ago•CVE-2026-40897
8.8CVE-2026-40897: Remote Code Execution via Array Property Modification in mathjs
A critical vulnerability in the mathjs expression parser permits attackers to bypass sandbox restrictions. By exploiting an improperly controlled modification of dynamically-determined object attributes on Array instances, an attacker can leak the Function constructor and achieve unauthenticated remote code execution.
14 views•7 min read
•3 days ago•GHSA-74M3-9QVM-RP9H
8.8GHSA-74M3-9QVM-RP9H: Arbitrary Host Filesystem Access via Symlink Following in zrok WebDAV
A critical vulnerability in the WebDAV drive backend of openziti/zrok allows unauthenticated or authenticated users to escape the designated shared directory. By creating or interacting with symbolic links, an attacker can achieve arbitrary file read and write access on the host system running the zrok process.
9 views•7 min read
•3 days ago•CVE-2026-3008
6.6CVE-2026-3008: Format String Injection in Notepad++ Localization Parser
Notepad++ version 8.9.3 contains a format string injection vulnerability within its localization configuration parser. The application passes an unvalidated string from the nativeLang.xml file directly to the wsprintfW Windows API function. This flaw allows an attacker to cause an application crash or leak memory addresses by supplying a maliciously crafted language file.
109 views•6 min read