CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

•about 4 hours ago•CVE-2026-42945
8.1

CVE-2026-42945: Heap-based Buffer Overflow in NGINX ngx_http_rewrite_module

A heap-based buffer overflow vulnerability exists in the NGINX ngx_http_rewrite_module due to an inconsistency in the two-pass script execution engine. Discovered by depthfirst, this flaw allows unauthenticated remote attackers to trigger memory corruption under specific configuration conditions, resulting in denial of service or remote code execution.

Amit Schendel
43 views•8 min read
•about 14 hours ago•GHSA-VW82-7FV8-R6GP
9.3

GHSA-vw82-7fv8-r6gp: Authorization Bypass in Obot MCP Gateway via Insecure Route Configuration

An authorization bypass vulnerability in the Obot MCP Gateway allows authenticated users to access arbitrary Model Context Protocol (MCP) servers without possessing the required Access Control Rules (ACR) or ownership privileges, leading to unauthorized interaction with external tools and data sources.

Alon Barad
8 views•7 min read
•about 18 hours ago•GHSA-V25J-WQCW-FVHJ
7.5

GHSA-V25J-WQCW-FVHJ: Uncontrolled Resource Consumption via Unbounded Date Sequences in wger

wger is susceptible to an authenticated Denial of Service (DoS) vulnerability due to uncontrolled resource consumption (CWE-400). The flaw resides in the application's handling of date sequences within routine configurations, allowing authenticated attackers to exhaust server resources by defining enormous date ranges.

Alon Barad
8 views•5 min read
•about 18 hours ago•GHSA-429Q-FHH4-R6HJ
9.1

GHSA-429Q-FHH4-R6HJ: Account Substitution via Discriminator Bypass in Anchor InterfaceAccount

A critical vulnerability in the Anchor framework's `anchor-lang` crate allows account substitution attacks. The `InterfaceAccount` type fails to validate the 8-byte account discriminator during deserialization, permitting an attacker to supply a mismatched account type and subvert program logic.

Alon Barad
9 views•6 min read
•about 19 hours ago•CVE-2026-44738
7.7

CVE-2026-44738: Grav CMS Twig Sandbox Information Disclosure via Config::toArray()

An information disclosure vulnerability in the Grav CMS file-based Web platform allows authenticated users with the admin.pages role to bypass Twig sandbox restrictions. By invoking the config.toArray() method, attackers can expose complete system configurations, including highly sensitive SMTP passwords, API tokens, and cloud service credentials.

Amit Schendel
10 views•6 min read
•2 days ago•CVE-2026-45091
9.1

CVE-2026-45091: Cleartext TOTP Secret Exposure in sealed-env JWS Tokens

The sealed-env library incorrectly embeds operator TOTP secrets in the unencrypted Base64-encoded payload of minted JWS tokens, allowing unauthenticated attackers to extract credentials and bypass multi-factor authentication controls.

Alon Barad
18 views•4 min read
•2 days ago•CVE-2026-32686
6.9

CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal

The ericmj/decimal Elixir library suffers from an uncontrolled resource consumption vulnerability. Parsing decimal strings with exceptionally large exponents succeeds with minimal memory overhead, but subsequent arithmetic operations or string formatting attempt to materialize the expanded value. This exhausts BEAM Virtual Machine memory, causing an immediate denial of service.

Amit Schendel
9 views•6 min read
•2 days ago•CVE-2026-43284
8.8

CVE-2026-43284: "Dirty Frag" Local Privilege Escalation via Linux Kernel Page Cache Corruption

CVE-2026-43284, identified as "Dirty Frag", is a critical local privilege escalation vulnerability in the Linux kernel's handling of shared socket buffer fragments during Encapsulating Security Payload (ESP) decryption. The flaw permits unprivileged local adversaries to corrupt the Linux page cache, establishing a write-what-where primitive that can be leveraged to overwrite read-only system files such as /etc/passwd and achieve immediate root privilege escalation.

Alon Barad
189 views•7 min read
•2 days ago•CVE-2026-45321
9.6

CVE-2026-45321: Critical Supply Chain Compromise in @tanstack Packages via GitHub Actions Misconfiguration

On May 11, 2026, threat actors executed a multi-stage supply chain attack against the @tanstack ecosystem. By exploiting a pull_request_target misconfiguration in GitHub Actions, attackers poisoned build caches and extracted OIDC tokens from memory. This allowed the unauthorized publication of 84 malicious package versions containing credential-stealing malware.

Amit Schendel
567 views•7 min read
•3 days ago•CVE-2026-27478
9.1

CVE-2026-27478: Authentication Bypass via Dynamic JWKS Discovery in Unity Catalog

Unity Catalog version 0.4.0 and prior contains a critical authentication bypass vulnerability in the token exchange endpoint. The server dynamically fetches JSON Web Key Sets (JWKS) based on unverified 'iss' (issuer) claims within incoming JSON Web Tokens (JWTs), allowing unauthenticated attackers to forge tokens and impersonate arbitrary users.

Alon Barad
8 views•6 min read
•3 days ago•GHSA-MHWJ-73QX-JQXM
9.8

GHSA-MHWJ-73QX-JQXM: Prototype Pollution in @theecryptochad/merge-guard via deepMerge()

The `@theecryptochad/merge-guard` JavaScript package version 1.0.0 is vulnerable to Prototype Pollution. The `deepMerge()` function fails to validate input keys during recursive object merging, allowing attackers to inject malicious properties into the global `Object.prototype` via the `__proto__` accessor. This widespread environmental state alteration can lead to Denial of Service, business logic bypass, or Remote Code Execution depending on the presence of susceptible gadget chains in the application.

Amit Schendel
11 views•8 min read
•3 days ago•CVE-2026-40217
8.8

CVE-2026-40217: Remote Code Execution via Sandbox Escape in LiteLLM

LiteLLM, an open-source LLM proxy, contains a critical sandbox escape vulnerability in its guardrail testing endpoint. An authenticated attacker can bypass regex-based source-code filtering by leveraging Python object hierarchy traversal and runtime bytecode manipulation, leading to arbitrary code execution as the process owner.

Alon Barad
16 views•8 min read

Automated vulnerability intelligence. 1,725+ reports.