The instagrapi library prior to version 2.6.9 contains an improper input validation vulnerability within its challenge handling mechanism. Maliciously crafted server responses can manipulate the client into forwarding session cookies and credentials to an external attacker-controlled domain.
GHSA-QQQM-5547-774X is a critical path traversal vulnerability in the FileBrowser Quantum application, specifically within the Go backend package. The vulnerability resides in the HTTP handler responsible for processing bulk file modifications via the public API. Unauthenticated attackers can exploit an order-of-operations flaw in the path sanitization logic to bypass intended directory restrictions. This allows adversaries to arbitrarily read, move, and overwrite files on the underlying filesystem by supplying specially crafted HTTP PATCH requests.
The qs query string parsing and serialization library for Node.js is vulnerable to a synchronous Denial of Service (DoS) attack. The vulnerability manifests as a process-terminating TypeError when processing arrays with null or undefined elements under specific configuration parameters.
The aiosend library prior to version 3.0.6 contains a pre-authentication Denial of Service (DoS) vulnerability in its webhook handling mechanism. The software processes and deserializes incoming JSON payloads before verifying the cryptographic signature, allowing unauthenticated attackers to exhaust server CPU and memory resources by sending large, complex payloads.
A heap-based buffer overflow vulnerability exists in the JSON and YAML encoders of ImageMagick and Magick.NET. This issue constitutes an incomplete fix for CVE-2026-40169, resulting in a single-byte out-of-bounds write (off-by-one error) during image metadata serialization.
ImageMagick versions prior to 7.1.1-33 contain an integer overflow vulnerability within the morphology module's binomial kernel generation logic. This integer overflow propagates to yield a division by zero error, resulting in a denial of service.
ImageMagick and its .NET wrapper Magick.NET fail to generate unique Initialization Vectors (IVs) when using the PasskeyEncipherImage method with AES-CTR mode. The deterministic derivation of the IV relies solely on the passphrase and the image dimensions. This cryptographic flaw leads to nonce reuse, allowing an attacker to recover plaintext pixel data via XOR operations on ciphertexts.
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to the cleartext storage of a symmetric HMAC signing key in job environment variables. An authenticated attacker with `Describe` permissions can extract this key to forge valid integrity signatures for malicious model artifacts.
The Amazon SageMaker Python SDK is vulnerable to arbitrary code execution due to a lack of cryptographic integrity verification in its Triton inference handler. An attacker possessing S3 write permissions can replace legitimate model artifacts with a malicious payload, resulting in code execution within the inference container upon deserialization.
The SvelteKit framework contains a critical cross-talk vulnerability within its server-side rendering (SSR) processing logic. The query.batch functionality improperly scopes state variables during concurrent request handling, allowing data intended for one user session to be exposed to another. The issue is resolved in version 2.60.1 by migrating the batching state to a strictly isolated request store.
Windows-MCP versions prior to 0.7.5 expose an unauthenticated HTTP transport endpoint with a wildcard CORS policy. This allows remote attackers or malicious websites to execute arbitrary PowerShell commands on the host machine by interacting with the local MCP server.
OpenTofu versions prior to 1.11.8 are susceptible to a client-side Denial of Service (DoS) vulnerability due to improper handling of HTTP/2 SETTINGS frames. When fetching dependencies from an attacker-controlled registry, the client can be forced into an infinite loop, resulting in uncontrolled CPU and memory exhaustion.