CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

about 11 hours ago • CVE-2025-55988 • Severity 9.8

CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core

DreamFactory Core v1.0.3 contains a critical directory traversal vulnerability in the RestController component. The application fails to sanitize the resource URI parameter before passing it to downstream service logic, and the traversal filter it does apply can be defeated with nested traversal sequences. An unauthenticated attacker can therefore read arbitrary files and achieve remote code execution.

Amit Schendel • 3 views • 6 min read
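Nested traversal sequences of the kind this summary describes defeat single-pass filters. The following is an added example, not DreamFactory's code: the storage root, the function names and the payload are assumptions. It shows why stripping `../` once is not a sanitizer, and the containment check that should replace it (it also covers the percent-encoded form, which the summary does not mention).

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed storage root for the example; the real application's paths are not on this page.
BASE_DIR = "/srv/app/storage"


def naive_sanitize(resource: str) -> str:
    """A single-pass filter of the kind nested sequences defeat.

    It removes every '../' substring once. The nested form '....//' is left as
    '../' after that pass, so the traversal survives the filter.
    """
    return resource.replace("../", "")


def resolve_naively(resource: str) -> str:
    """Filter, then join onto the base directory and normalise (vulnerable pattern)."""
    return posixpath.normpath(posixpath.join(BASE_DIR, naive_sanitize(resource)))


def resolve_safely(resource: str) -> Optional[str]:
    """Decode, normalise, then enforce containment instead of pattern-stripping.

    Returns the resolved path if it stays under BASE_DIR, otherwise None.
    This is a lexical check: if BASE_DIR may contain symlinks, resolve with
    os.path.realpath before checking as well.
    """
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, unquote(resource)))
    # normpath has already collapsed every '..', so commonpath is a sound test
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    return candidate


def escapes_base(path: str) -> bool:
    """True when a resolved path lies outside BASE_DIR."""
    return posixpath.commonpath([BASE_DIR, path]) != BASE_DIR


if __name__ == "__main__":
    payload = "....//....//etc/passwd"  # constructed nested traversal payload
    naive = resolve_naively(payload)
    print("naive :", naive, "(escapes base)" if escapes_base(naive) else "(contained)")
    print("safe  :", resolve_safely(payload))
```

The safe resolver never rewrites the input, so `....//` stays a literal (odd but harmless) directory name under the base; only a genuine `..` that climbs out of the base is rejected.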
about 11 hours ago • GHSA-f67f-hcr6-94mf • Severity 9.3

GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows

A critical OS command injection vulnerability exists in multiple GitHub Actions workflows within the SHAdd0WTAka/Zen-Ai-Pentest repository. The vulnerability allows unauthenticated attackers to execute arbitrary shell commands on the GitHub runner by submitting specially crafted issue titles, leading to the exfiltration of repository secrets.

Alon Barad • 2 views • 6 min read
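The injection works because the runner substitutes `${{ ... }}` expressions into the script text before the shell parses it. The following is an added example, not code from the Zen-Ai-Pentest repository: the workflow, the hostile title and the list of untrusted contexts are constructed. It scans a workflow for untrusted expressions inside `run:` blocks, shows the expansion that turns an issue title into commands, and contrasts it with the environment-variable pattern that keeps the value out of the script text.

```python
import re
from typing import Dict, List, Tuple

# Expression contexts an outside contributor controls (constructed list; extend as needed).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:"
    r"event\.issue\.(?:title|body)"
    r"|event\.pull_request\.(?:title|body)"
    r"|event\.pull_request\.head\.(?:ref|label)"
    r"|event\.comment\.body"
    r"|event\.review\.body"
    r"|head_ref"
    r")\s*\}\}"
)

EXPRESSION = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")


def run_blocks(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, script) for each `run:` step.

    Line-based scanner that needs no YAML library: a `run: |` block continues
    while following lines are indented deeper than the `run` key itself.
    """
    lines = workflow_text.splitlines()
    blocks: List[Tuple[int, str]] = []
    i = 0
    while i < len(lines):
        m = re.match(r"^(\s*(?:-\s+)?)run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        key_col, inline = len(m.group(1)), m.group(2).strip()
        line_no = i + 1
        script = [] if inline in ("|", ">", "|-", ">-", "|+", ">+") else [inline]
        i += 1
        while i < len(lines) and (
            not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_col
        ):
            script.append(lines[i].strip())
            i += 1
        blocks.append((line_no, "\n".join(s for s in script if s)))
    return blocks


def find_injections(workflow_text: str) -> List[Tuple[int, str]]:
    """Flag every untrusted expression that is expanded inside a run script."""
    return [
        (line_no, m.group(0))
        for line_no, script in run_blocks(workflow_text)
        for m in UNTRUSTED.finditer(script)
    ]


def expand(script: str, values: Dict[str, str]) -> str:
    """Mimic the runner's textual substitution of ${{ ... }} before the shell runs."""
    return EXPRESSION.sub(lambda m: values.get(m.group(1), ""), script)


# Constructed workflow: one vulnerable step and the env-var pattern that fixes it.
SAMPLE_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: vulnerable, expression expanded into the script text
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
          ./classify.sh "${{ github.event.issue.body }}"
      - name: safe, value reaches the shell only through an environment variable
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $ISSUE_TITLE"
"""

# Constructed hostile title: closes the quoted string, runs a command, reopens it.
HOSTILE_TITLE = 'x"; echo INJECTED; echo "'


if __name__ == "__main__":
    for line_no, expr in find_injections(SAMPLE_WORKFLOW):
        print(f"line {line_no}: untrusted {expr} expanded inside run:")
    vulnerable_script = run_blocks(SAMPLE_WORKFLOW)[0][1]
    print(expand(vulnerable_script, {"github.event.issue.title": HOSTILE_TITLE}))
```

In the safe step the expression is evaluated into an environment variable; the script references `$ISSUE_TITLE`, which the shell expands as data rather than parsing as syntax, so the quotes and semicolons in the title never become commands.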
about 12 hours ago • GHSA-pwjx-qhcg-rvj4 • Severity 4.4

GHSA-pwjx-qhcg-rvj4: Certificate Revocation Bypass via Iterator Exhaustion in rustls-webpki

The `rustls-webpki` crate contains a logic flaw in its certificate revocation enforcement mechanism. Due to the improper reuse of one-shot DER iterators during Certificate Revocation List (CRL) processing, the verifier fails to match legitimate Distribution Points (DPs) to Issuing Distribution Points (IDPs), potentially leading to the acceptance of revoked certificates under permissive configurations.

Alon Barad • 4 views • 7 min read
about 13 hours ago • GHSA-mwjc-5j4x-r686 • Severity 10.0

CVE-2025-34433: Unauthenticated Remote Code Execution via Cryptographic Failures in AVideo

AVideo versions 14.3.1 through 20.0 are vulnerable to unauthenticated Remote Code Execution (RCE). The flaw chains an information disclosure, predictable cryptographic salt generation, and an unsafe evaluation sink: an unauthenticated attacker can derive the internal encryption key, forge authenticated payloads, and fully compromise the system.

Alon Barad • 4 views • 6 min read
about 15 hours ago • GHSA-8fw8-q79c-fp9m • Severity 8.6

GHSA-8fw8-q79c-fp9m: Unauthenticated Local File Inclusion and Remote Code Execution in AVideo API

The AVideo platform contains an unauthenticated Local File Inclusion (LFI) vulnerability in its API locale handler. User input is concatenated into a PHP include statement without sanitization, letting attackers include and execute arbitrary local PHP files and potentially achieve Remote Code Execution.

Amit Schendel • 6 views • 7 min read
about 22 hours ago • GHSA-x49q-fhhm-r9jf • Severity 9.9

GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw

A logic flaw in the OpenClaw gateway WebSocket connection handler permits clients authenticating with shared tokens to self-declare and retain elevated administrative scopes. This vulnerability allows an attacker possessing a low-privileged shared secret to bypass intended device-identity boundaries and execute administrative RPC commands against the gateway.

Alon Barad • 4 views • 5 min read
about 24 hours ago • CVE-2026-32305 • Severity 7.8

CVE-2026-32305: Mutual TLS Bypass via Fragmented ClientHello in Traefik

Traefik versions up to 2.11.40 and 3.6.10 are vulnerable to a mutual TLS (mTLS) bypass. The Server Name Indication (SNI) pre-sniffing logic fails to extract the server name when the ClientHello arrives fragmented across multiple packets; the proxy then falls back to its global default TLS configuration, which lets attackers bypass route-level mTLS authentication requirements.

Alon Barad • 7 views • 6 min read
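The failure mode in this summary is a sniffer that parses whatever the first read returned and treats a parse failure as "no SNI". The following is an added example, not Traefik's code: the ClientHello builder, the parser and the two sniffers are constructed for illustration, and the fragment boundary is arbitrary. It shows a valid ClientHello split across two reads, a single-read sniffer that loses the name (and would therefore select a default configuration), and a buffering sniffer that reads until the TLS record is complete and fails closed otherwise.

```python
import struct
from typing import List, Optional


class Incomplete(Exception):
    """The buffer ends before the TLS record it starts is complete."""


def build_client_hello(server_name: str) -> bytes:
    """Minimal ClientHello record with one server_name extension (constructed input)."""
    name = server_name.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name          # host_name entry
    sni_ext = struct.pack("!H", len(sni_list)) + sni_list            # ServerNameList
    extensions = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext  # type server_name(0)
    body = (
        b"\x03\x03" + bytes(32)                       # client_version, random (zeros here)
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"          # cipher_suites: one suite
        + b"\x01\x00"                                 # compression_methods: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body    # ClientHello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(buf: bytes) -> Optional[str]:
    """Return the SNI host_name from a complete ClientHello record.

    Raises Incomplete when buf is shorter than the record claims, and
    ValueError when it is not a ClientHello at all.
    """
    if len(buf) < 5:
        raise Incomplete("record header not yet complete")
    if buf[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", buf[3:5])[0]
    if len(buf) < 5 + rec_len:
        raise Incomplete(f"have {len(buf)} bytes, record needs {5 + rec_len}")
    p = buf[5:5 + rec_len]
    if p[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    pos = 4 + 2 + 32                                   # handshake header, version, random
    pos += 1 + p[pos]                                  # session_id
    pos += 2 + struct.unpack("!H", p[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + p[pos]                                  # compression_methods
    if pos + 2 > len(p):
        return None                                    # no extensions at all
    end = pos + 2 + struct.unpack("!H", p[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", p[pos:pos + 4])
        pos += 4
        if etype == 0x0000:
            q = pos + 2                                # skip ServerNameList length
            while q + 3 <= pos + elen:
                ntype, nlen = p[q], struct.unpack("!H", p[q + 1:q + 3])[0]
                if ntype == 0:
                    return p[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        pos += elen
    return None


def sniff_single_read(segments: List[bytes]) -> Optional[str]:
    """The failure mode described above: parse only what the first read returned and
    treat any failure as 'no SNI', which is what then selects a default config."""
    try:
        return parse_sni(segments[0])
    except (Incomplete, ValueError):
        return None


def sniff_buffered(segments: List[bytes]) -> Optional[str]:
    """Fail-closed variant: keep reading until the record is complete; a peer that
    stops sending before then is rejected instead of being given a default."""
    buf = b""
    for seg in segments:
        buf += seg
        try:
            return parse_sni(buf)
        except Incomplete:
            continue
    raise ValueError("connection ended before a complete ClientHello arrived")


if __name__ == "__main__":
    hello = build_client_hello("mtls.internal.example")
    fragments = [hello[:20], hello[20:]]              # ClientHello split across two reads
    print("single read :", sniff_single_read(fragments))
    print("buffered    :", sniff_buffered(fragments))
```

The design point is the last line of `sniff_buffered`: when the name cannot be determined, the connection is refused rather than routed with a weaker configuration, so a client cannot choose the fallback by controlling how its ClientHello is segmented.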
1 day ago • CVE-2026-33055 • Severity 5.1

CVE-2026-33055: Parser Differential and Archive Smuggling in Rust tar-rs

A parser differential vulnerability in the Rust tar-rs crate <= 0.4.44 allows attackers to smuggle hidden TAR entries past compliant security validators. The vulnerability arises from non-compliant handling of PAX extended header size overrides.

Alon Barad • 4 views • 6 min read
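A parser differential of this shape can be demonstrated with a hand-built archive. The following is an added example, not tar-rs code and not the crate's actual parsing logic: the archive, the two parsers and the member names are constructed. A PAX extended header sets `size` for the next member while the ustar size field says zero; a parser that honors the override (as the spec requires, and as Python's tarfile does) sees one 1024-byte file, while a parser that ignores it sees an empty file followed by a second member hidden inside those bytes.

```python
import io
import tarfile
from typing import Dict, List, Tuple

BLOCK = 512


def ustar_header(name: bytes, size: int, typeflag: bytes) -> bytes:
    """Build a valid ustar header block with a correct checksum."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[100:108] = b"0000644\0"             # mode
    h[108:116] = b"0000000\0"             # uid
    h[116:124] = b"0000000\0"             # gid
    h[124:136] = b"%011o\0" % size        # size (octal)
    h[136:148] = b"00000000000\0"         # mtime
    h[148:156] = b" " * 8                 # checksum is computed over spaces here
    h[156:157] = typeflag
    h[257:263] = b"ustar\0"
    h[263:265] = b"00"
    h[148:156] = b"%06o\0 " % sum(h)
    return bytes(h)


def padded(data: bytes) -> bytes:
    return data + bytes((-len(data)) % BLOCK)


def pax_record(key: str, value: str) -> bytes:
    """Encode one PAX record: '<len> key=value\\n' where len counts itself."""
    body = f" {key}={value}\n"
    total = len(body) + 1
    while len(str(total)) + len(body) != total:
        total += 1
    return f"{total}{body}".encode()


def parse_pax(data: bytes) -> Dict[str, str]:
    out, pos = {}, 0
    while pos < len(data):
        sp = data.index(b" ", pos)
        length = int(data[pos:sp])
        key, value = data[sp + 1:pos + length - 1].split(b"=", 1)
        out[key.decode()] = value.decode()
        pos += length
    return out


def list_entries(archive: bytes, honor_pax_size: bool) -> List[Tuple[str, int]]:
    """Walk the archive and return (name, size) for each member.

    honor_pax_size=True is the spec-compliant reading: a preceding PAX 'size'
    record overrides the ustar size field. honor_pax_size=False ignores the
    override and so disagrees about where the next header starts.
    """
    entries, pos, pending = [], 0, {}
    while pos + BLOCK <= len(archive):
        hdr = archive[pos:pos + BLOCK]
        if hdr == bytes(BLOCK):
            break                                         # end-of-archive marker
        stored = int(hdr[148:156].rstrip(b"\0 "), 8)
        if stored != sum(hdr[:148]) + 8 * 32 + sum(hdr[156:]):
            raise ValueError(f"bad header checksum at offset {pos}")
        name = hdr[:100].rstrip(b"\0").decode()
        size = int(hdr[124:136].rstrip(b"\0 "), 8)
        typeflag = hdr[156:157]
        if typeflag != b"x" and honor_pax_size and "size" in pending:
            size = int(pending["size"])
        pos += BLOCK
        data = archive[pos:pos + size]
        pos += len(padded(data))
        if typeflag == b"x":
            pending = parse_pax(data)
            continue
        entries.append((name, size))
        pending = {}
    return entries


def build_archive() -> bytes:
    """Constructed archive: ustar says hidden.txt is empty, PAX says it is 1024 bytes,
    and those 1024 bytes are themselves a complete member (header + data)."""
    pax = pax_record("size", "1024")
    payload = b"echo hi\n"
    smuggled = ustar_header(b"smuggled.txt", len(payload), b"0") + padded(payload)
    return (
        ustar_header(b"PaxHeader/hidden.txt", len(pax), b"x") + padded(pax)
        + ustar_header(b"hidden.txt", 0, b"0")
        + smuggled
        + bytes(2 * BLOCK)
    )


def stdlib_view(archive: bytes) -> List[Tuple[str, int]]:
    """What Python's tarfile (which honors the PAX override) reports."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        return [(m.name, m.size) for m in tf.getmembers()]
```

Calling `list_entries(build_archive(), True)` and `list_entries(build_archive(), False)` on the same bytes gives two different member lists; a validator that uses the first reading approves an archive that an extractor using the second will unpack as something else. The defence is to validate with the same parser that extracts, or to reject archives where the PAX size and the ustar size disagree.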
1 day ago • CVE-2026-33056 • Severity 5.1

CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs

The tar-rs library version 0.4.44 and earlier contains a CWE-61 UNIX Symbolic Link (Symlink) Following vulnerability in the directory extraction logic. By utilizing a crafted tar archive containing a symlink and a directory of the same name, an attacker can manipulate directory permissions on the host system.

Amit Schendel • 3 views • 5 min read
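The symlink-then-directory pattern in this summary can be reproduced without a tar file at all, because the hazard is in the extraction step. The following is an added example, not tar-rs code: the member list, the extraction routine and the directory names are constructed. A symlink member named `d` pointing outside the destination is written first; a directory member also named `d` then arrives, and both `makedirs` and `chmod` follow the existing link, so the mode change lands on the link's target.

```python
import os
import stat
import tempfile
from typing import Dict, List


def extract_directories(entries: List[Dict], dest: str, refuse_symlinks: bool) -> None:
    """Replay directory and symlink members of a (constructed) archive into dest.

    refuse_symlinks=False mirrors the CWE-61 pattern described above: makedirs()
    and chmod() both follow an existing symlink, so a later directory member
    with the same name changes the permissions of whatever the link points to.
    """
    for entry in entries:
        path = os.path.join(dest, entry["name"])
        if entry["type"] == "symlink":
            os.symlink(entry["target"], path)
        elif entry["type"] == "dir":
            if refuse_symlinks and os.path.islink(path):
                raise ValueError(f"refusing to create directory over symlink: {entry['name']}")
            os.makedirs(path, exist_ok=True)   # already exists via the link -> no error
            os.chmod(path, entry["mode"])      # follows the link -> modifies the target


def demo(refuse_symlinks: bool) -> int:
    """Return the final mode bits of a directory outside the extraction root."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")       # the directory the attacker targets
        os.mkdir(outside, 0o700)
        os.chmod(outside, 0o700)                     # deterministic start regardless of umask
        dest = os.path.join(tmp, "extract")
        os.mkdir(dest)
        entries = [                                  # constructed archive member list
            {"name": "d", "type": "symlink", "target": outside},
            {"name": "d", "type": "dir", "mode": 0o777},
        ]
        try:
            extract_directories(entries, dest, refuse_symlinks)
        except ValueError:
            pass                                     # safe path: extraction aborted
        return stat.S_IMODE(os.stat(outside).st_mode)


if __name__ == "__main__":
    print("naive extraction  -> outside mode %o" % demo(refuse_symlinks=False))
    print("symlink-aware     -> outside mode %o" % demo(refuse_symlinks=True))
```

The check uses `os.path.islink`, which does not follow the link, before any call that would. Python's own tarfile gained equivalent protection in 3.12 via `extractall(filter="data")`, which refuses links that point outside the destination.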
1 day ago • CVE-2026-33312 • Severity 5.3

CVE-2026-33312: Broken Object-Level Authorization (BOLA) in Vikunja Project Background Deletion

Vikunja versions 0.20.2 through 2.1.x suffer from a Broken Object Level Authorization (BOLA) vulnerability. The application fails to properly validate permissions on the project background deletion endpoint, allowing users with only read access to permanently delete background images. The vulnerability is fixed in version 2.2.0.

Amit Schendel • 5 views • 6 min read
1 day ago • CVE-2026-32595 • Severity 6.3

CVE-2026-32595: Information Disclosure via Timing Attack in Traefik BasicAuth

CVE-2026-32595 is an observable timing discrepancy vulnerability in Traefik's BasicAuth middleware affecting versions across the 2.x and 3.x branches. The flaw allows unauthenticated remote attackers to enumerate valid user accounts by measuring the server's response time during authentication attempts.

Alon Barad • 4 views • 6 min read
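The usual source of this discrepancy is an early return for unknown users that skips the password hash entirely. The following is an added example, not Traefik's middleware: the user store, the PBKDF2 stand-in for the htpasswd hash and the call counter are constructed. It contrasts the leaky check with one that performs the same amount of hashing whether or not the user exists, and measures the work done rather than wall-clock time so the result is deterministic.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

ITERATIONS = 50_000   # stand-in for the cost of an htpasswd hash (bcrypt, md5-crypt, ...)
HASH_CALLS = {"count": 0}


def hash_password(password: str, salt: bytes) -> bytes:
    """Expensive hash; the counter lets tests observe how often it runs."""
    HASH_CALLS["count"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed user store (only alice exists) plus a dummy credential that is
# never valid: its password is 32 random bytes nobody knows.
USERS: Dict[str, Tuple[bytes, bytes]] = {"alice": make_user("correct horse battery staple")}
DUMMY: Tuple[bytes, bytes] = make_user(os.urandom(32).hex())


def check_leaky(user: str, password: str) -> bool:
    """Unknown users return before any hashing happens, so a request for a
    nonexistent user completes measurably faster than one for a real user."""
    if user not in USERS:
        return False
    salt, expected = USERS[user]
    return hmac.compare_digest(hash_password(password, salt), expected)


def check_constant_work(user: str, password: str) -> bool:
    """Always run the hash, against the dummy credential when the user is
    unknown, so response time no longer depends on whether the user exists."""
    salt, expected = USERS.get(user, DUMMY)
    matched = hmac.compare_digest(hash_password(password, salt), expected)
    return matched and user in USERS


def hash_work(check, user: str, password: str) -> int:
    """Number of expensive hash computations a check performs (timing proxy)."""
    before = HASH_CALLS["count"]
    check(user, password)
    return HASH_CALLS["count"] - before


if __name__ == "__main__":
    for name, fn in (("leaky", check_leaky), ("constant-work", check_constant_work)):
        print(name, "known user:", hash_work(fn, "alice", "x"),
              "unknown user:", hash_work(fn, "mallory", "x"))
```

`hmac.compare_digest` handles the comparison itself in constant time; the dummy credential handles the other half of the problem, the branch that decides whether to compare at all.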
1 day ago • CVE-2026-32701 • Severity 7.5

CVE-2026-32701: Array Method Pollution and Denial of Service in Qwik City Middleware

Qwik City middleware versions prior to 1.19.2 contain an array method pollution vulnerability within the form parsing component. Unauthenticated remote attackers can overwrite native array methods via crafted multipart or URL-encoded HTTP requests, resulting in type confusion and server-side Denial of Service (DoS).

Amit Schendel • 6 views • 5 min read
Automated vulnerability intelligence. 1,177+ reports.