•about 3 hours ago•GHSA-XVP4-PHQJ-CJR3
8.8GHSA-XVP4-PHQJ-CJR3: Insecure Direct Object Reference (IDOR) Leading to Account Takeover in phpMyFAQ
phpMyFAQ versions prior to 4.1.3 contain a critical Insecure Direct Object Reference (IDOR) vulnerability within the administration API. An authenticated attacker with basic user-edit privileges can exploit this flaw to overwrite the password of any higher-privileged user, including the SuperAdmin account. This leads to complete application compromise.
2 views•6 min read
•about 3 hours ago•GHSA-GP95-J463-VV28
7.5GHSA-GP95-J463-VV28: Authentication Bypass via Insecure Default Token in phpMyFAQ REST API
phpMyFAQ contains an authentication bypass vulnerability within its REST API architecture introduced in version 4.0. The vulnerability stems from insecure default initialization of the API client token to an empty string, coupled with flawed comparative logic in the authentication controller. This allows unauthenticated remote attackers to bypass authorization checks and interact with administrative API endpoints.
2 views•6 min read
•about 4 hours ago•GHSA-W9XH-5F39-VQ89
7.1GHSA-w9xh-5f39-vq89: Authentication Bypass and Account Takeover via Weak Password Recovery in phpMyFAQ
phpMyFAQ versions prior to 4.1.3 contain a critical authentication bypass and account takeover vulnerability due to a flawed password recovery mechanism. The application processes password reset requests without requiring cryptographic token verification, allowing unauthenticated attackers to arbitrarily change passwords and lock out legitimate users.
2 views•6 min read
•about 8 hours ago•CVE-2026-40370
8.8CVE-2026-40370: Authenticated Remote Code Execution in Microsoft SQL Server via Path Manipulation
CVE-2026-40370 is a high-severity Remote Code Execution (RCE) vulnerability affecting Microsoft SQL Server versions 2016 through 2025. It stems from improper path validation (CWE-73) in internal stored procedures, allowing an authenticated user with low privileges to execute arbitrary code within the context of the SQL Server service account.
4 views•6 min read
•about 11 hours ago•CVE-2026-32175
7.5CVE-2026-32175: Absolute Path Traversal and Arbitrary File Write in .NET Core Archive Extraction
CVE-2026-32175 is a high-severity tampering vulnerability affecting .NET Core versions 8.0, 9.0, and 10.0 on Windows platforms. The vulnerability stems from an Absolute Path Traversal (CWE-36) flaw in the extraction mechanisms handling NuGet packages and application bundles. An unauthenticated remote attacker can exploit this weakness by providing a specially crafted archive file. The extraction logic fails to sanitize archive entry names containing absolute paths, leading to arbitrary file writes on the host system. Successful exploitation allows the attacker to compromise application integrity by overwriting critical system files or planting malicious executables.
6 views•7 min read
•1 day ago•GHSA-7HGR-7H44-33W2
HighGHSA-7HGR-7H44-33W2: Unauthenticated Browser Control via Confused Deputy in camofox-mcp
The camofox-mcp package prior to version 1.13.2 contains a critical access control vulnerability on its Model Context Protocol (MCP) HTTP transport layer. The server fails to authenticate inbound requests while simultaneously appending an administrative API key to outbound backend requests. This Confused Deputy flaw allows unauthenticated clients to exercise full administrative control over the backend headless browser environment.
8 views•7 min read
•1 day ago•CVE-2026-45773
6.5CVE-2026-45773: Cross-Site Request Forgery and Session Fixation in Turborepo CLI
Vercel Turborepo CLI versions prior to 2.9.14 are vulnerable to Cross-Site Request Forgery (CSRF) and Session Fixation during self-hosted remote cache authentication. The local callback server fails to validate the OAuth2 state parameter, allowing malicious websites to inject attacker-controlled tokens and compromise build environments.
5 views•6 min read
•1 day ago•GHSA-HC3C-63HC-2R9F
7.5GHSA-HC3C-63HC-2R9F: Denial of Service via Uncaught Exception in libcrux-chacha20poly1305
The libcrux-chacha20poly1305 cryptographic crate contains a Denial of Service vulnerability triggered by providing an overlong ciphertext buffer during encryption. This flaw manifests as a runtime panic due to an improper slice conversion, allowing attackers to terminate the application if buffer sizes are user-influenced.
5 views•7 min read
•1 day ago•GHSA-FHVH-VW7H-9XF3
8.2GHSA-FHVH-VW7H-9XF3: Cryptographic Signature Forgery via AVX2 Logic Error in libcrux-ml-dsa
A critical logic vulnerability in the libcrux-ml-dsa library allows cryptographic signature forgery on x86_64 architectures using the AVX2 backend. The flaw originates from an incorrect SIMD implementation of the ML-DSA use_hint function, violating FIPS 204 specifications and allowing attackers to bypass signature verification.
2 views•8 min read
•1 day ago•CVE-2026-45740
5.3CVE-2026-45740: Uncontrolled Recursion in protobufjs Leading to Denial of Service
An uncontrolled recursion vulnerability exists in the protobufjs library prior to versions 7.5.8 and 8.2.0. The lack of depth limits in the JSON descriptor parsing logic allows attackers to cause a stack overflow and crash the Node.js process via deeply nested payloads.
11 views•6 min read
•1 day ago•CVE-2026-32177
7.3CVE-2026-32177: Heap-Based Buffer Overflow in .NET Core and Visual Studio
CVE-2026-32177 is a high-severity heap-based buffer overflow affecting multiple versions of Microsoft .NET and Visual Studio. Triggered by insufficient input validation during file processing, the vulnerability permits local privilege escalation when a user opens a specially crafted file.
15 views•6 min read
•2 days ago•CVE-2026-42899
7.5CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems
CVE-2026-42899 is a high-severity Denial of Service (DoS) vulnerability in the Microsoft ASP.NET Core framework, characterized by multiple instances of a 'Loop with Unreachable Exit Condition' (CWE-835). An unauthenticated remote attacker can trigger 100% CPU utilization by supplying specially crafted requests that exploit logic errors in request parsing, data protection, minimal APIs, and caching subsystems.
13 views•7 min read