•about 4 hours ago•CVE-2025-10230
10.0CVE-2025-10230: Samba Active Directory Domain Controller WINS Server Hook Command Injection
A critical OS command injection vulnerability exists in Samba's Windows Internet Name Service (WINS) server implementation when configured to run as an Active Directory Domain Controller (AD DC). Unsanitized NetBIOS name data extracted from WINS registration packets is directly concatenated into a shell command invocation and executed via Samba's wins hook parameter.
5 views•6 min read
•about 6 hours ago•GHSA-XQ3M-2V4X-88GG
9.8CVE-2026-41242: Remote Code Execution via Dynamic Code Generation in protobufjs
CVE-2026-41242 is a critical code injection vulnerability in protobufjs. The library compiles custom serialization functions at runtime using the `Function` constructor. Prior to versions 7.5.5 and 8.0.1, dynamic type names were not sanitized, allowing an attacker to inject arbitrary JavaScript via crafted schema definitions, leading to remote code execution.
6 views•7 min read
•about 8 hours ago•GHSA-63GR-G7JC-V8RG
9.8GHSA-63GR-G7JC-V8RG: Missing Authentication in AgenticMail MCP HTTP Transport Layer
An architectural flaw in the optional Streamable HTTP transport mode of @agenticmail/mcp allows unauthenticated remote network clients to execute administrative API commands. The server, holding the AGENTICMAIL_MASTER_KEY, functions as a confused deputy, letting attackers run privileged functions like deleting agents and establishing mail relays.
3 views•8 min read
•10 days ago•CVE-2026-9354
6.9CVE-2026-9354: Arbitrary Mass Mention Bypass in NousResearch hermes-agent Slack and Mattermost Adapters
A vulnerability in the Slack and Mattermost platform adapters for NousResearch hermes-agent permits an unauthenticated remote attacker to execute arbitrary mass mentions. By leveraging prompt injection, an attacker can bypass output sanitization logic and trigger workspace-wide notification exhaustion.
48 views•6 min read
•11 days ago•CVE-2026-9306
6.3CVE-2026-9306: Unauthenticated Insecure Direct Object Reference (IDOR) in QuantumNous new-api Midjourney Relay
CVE-2026-9306 is a critical unauthenticated Insecure Direct Object Reference (IDOR) vulnerability located in the QuantumNous new-api application, affecting versions up to and including 0.12.1. The flaw is caused by improper middleware ordering combined with a lack of object-level authorization checks. This allows remote, unauthenticated attackers to retrieve sensitive Midjourney images belonging to other users by supplying a valid task identifier.
24 views•5 min read
•11 days ago•GHSA-GGXF-37HM-9WQF
6.5GHSA-GGXF-37HM-9WQF: Session Leakage via Unsafe Challenge Path Parsing in instagrapi
The instagrapi library prior to version 2.6.9 contains an improper input validation vulnerability within its challenge handling mechanism. Maliciously crafted server responses can manipulate the client into forwarding session cookies and credentials to an external attacker-controlled domain.
27 views•6 min read
•12 days ago•GHSA-QQQM-5547-774X
9.1GHSA-QQQM-5547-774X: Unauthenticated Path Traversal in FileBrowser Quantum PATCH Handler
GHSA-QQQM-5547-774X is a critical path traversal vulnerability in the FileBrowser Quantum application, specifically within the Go backend package. The vulnerability resides in the HTTP handler responsible for processing bulk file modifications via the public API. Unauthenticated attackers can exploit an order-of-operations flaw in the path sanitization logic to bypass intended directory restrictions. This allows adversaries to arbitrarily read, move, and overwrite files on the underlying filesystem by supplying specially crafted HTTP PATCH requests.
18 views•6 min read
•12 days ago•CVE-2026-8723
5.3CVE-2026-8723: Synchronous Denial of Service in qs npm Package via TypeError
The qs query string parsing and serialization library for Node.js is vulnerable to a synchronous Denial of Service (DoS) attack. The vulnerability manifests as a process-terminating TypeError when processing arrays with null or undefined elements under specific configuration parameters.
44 views•7 min read
•12 days ago•GHSA-7M8F-HGJQ-8GC9
7.5GHSA-7M8F-HGJQ-8GC9: Pre-Authentication Denial of Service via Insecure Deserialization Order in aiosend
The aiosend library prior to version 3.0.6 contains a pre-authentication Denial of Service (DoS) vulnerability in its webhook handling mechanism. The software processes and deserializes incoming JSON payloads before verifying the cryptographic signature, allowing unauthenticated attackers to exhaust server CPU and memory resources by sending large, complex payloads.
5 views•6 min read
•12 days ago•GHSA-JQQ5-8PX3-9M6M
6.2GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders
A heap-based buffer overflow vulnerability exists in the JSON and YAML encoders of ImageMagick and Magick.NET. This issue constitutes an incomplete fix for CVE-2026-40169, resulting in a single-byte out-of-bounds write (off-by-one error) during image metadata serialization.
6 views•6 min read
•13 days ago•GHSA-VF33-6R7X-66XX
3.3GHSA-VF33-6R7X-66XX: Division by Zero and Integer Overflow in ImageMagick Morphology
ImageMagick versions prior to 7.1.1-33 contain an integer overflow vulnerability within the morphology module's binomial kernel generation logic. This integer overflow propagates to yield a division by zero error, resulting in a denial of service.
6 views•6 min read
•13 days ago•GHSA-QV2Q-C278-PCH5
3.7GHSA-qv2q-c278-pch5: Cryptographic Nonce Reuse and Information Disclosure in ImageMagick
ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plain text pixel data via XOR operations on ciphertexts.
5 views•5 min read