•28 minutes ago•CVE-2026-34828
7.1CVE-2026-34828: Insufficient Session Expiration in listmonk
Listmonk versions 4.1.0 through 6.0.x contain an Insufficient Session Expiration vulnerability (CWE-613) within the application's authentication lifecycle handlers. The software fails to revoke existing authenticated sessions when a user undergoes a password reset or performs an intentional password change. This oversight enables an attacker who has acquired a valid session cookie to maintain unauthorized, persistent access to the compromised account, successfully bypassing the primary defense mechanism of credential rotation.
0 views•7 min read
•about 3 hours ago•GHSA-GMPC-FXG2-VCMQ
6.1GHSA-GMPC-FXG2-VCMQ: Stored Cross-Site Scripting (XSS) in AVideo TopMenu Plugin
The TopMenu plugin in AVideo up to version 26.0 contains a stored cross-site scripting (XSS) vulnerability. User-controlled menu fields lack proper output encoding, allowing administrative users to inject malicious JavaScript that executes globally across all public-facing pages.
2 views•6 min read
•about 3 hours ago•CVE-2026-34973
6.9CVE-2026-34973: LIKE Wildcard Injection in phpMyFAQ Search Component
phpMyFAQ versions prior to 4.1.1 contain a LIKE wildcard injection vulnerability in the searchCustomPages() method. The application fails to properly neutralize SQL LIKE metacharacters, allowing unauthenticated attackers to bypass intended search constraints and trigger unauthorized information disclosure.
3 views•7 min read
•about 4 hours ago•CVE-2026-34974
5.4CVE-2026-34974: Stored Cross-Site Scripting via SVG Sanitizer Bypass in phpMyFAQ
phpMyFAQ versions prior to 4.1.1 contain a vulnerability in the SVG sanitizer component. The application relies on a blacklist regular expression that fails to properly process HTML entity-encoded attributes, allowing an attacker with Editor privileges to upload a malicious SVG. This flaw enables Stored Cross-Site Scripting (XSS), which can result in privilege escalation to Administrator.
3 views•7 min read
•about 5 hours ago•CVE-2026-4176
9.8CVE-2026-4176: Remote Code Execution via Heap-Based Buffer Overflow in Perl Compress::Raw::Zlib
CVE-2026-4176 is a critical dependency chain vulnerability in the Perl programming language. It is caused by the inclusion of an outdated version of the Compress::Raw::Zlib core module, which bundles a vulnerable version of the zlib compression library. This exposure allows unauthenticated remote attackers to achieve arbitrary code execution or denial of service via malformed compressed data streams.
6 views•7 min read
•about 10 hours ago•CVE-2026-5281
8.8CVE-2026-5281: High-Severity Use-After-Free in Dawn WebGPU Implementation
CVE-2026-5281 is a critical Use-After-Free (UAF) vulnerability located in the Dawn WebGPU backend of Chromium-based browsers. It allows remote attackers to execute arbitrary code via a crafted HTML page leveraging a race condition in the internal GPU task queue. The flaw is actively exploited in the wild.
5 views•6 min read
•about 15 hours ago•GHSA-Q56X-G2FJ-4RJ6
8.8CVE-2025-51480: Arbitrary File Write via Path Traversal in ONNX save_external_data
The ONNX (Open Neural Network Exchange) Python library contains a high-severity path traversal vulnerability in the `save_external_data` function. Processing specially crafted ONNX models allows an attacker to write arbitrary files to the host filesystem, resulting in potential remote code execution or data corruption. The vulnerability also exposes a Time-of-Check Time-of-Use (TOCTOU) weakness during file operations.
7 views•6 min read
•about 16 hours ago•CVE-2026-2950
6.5CVE-2026-2950: Prototype Pollution Bypass in Lodash via Array-Wrapped Path Segments
Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution via a bypass of the previous fix for CVE-2025-13465. By supplying array-wrapped path segments to functions like `_.unset` and `_.omit`, attackers can evade type-checking logic and delete properties from built-in prototypes.
14 views•6 min read
•about 16 hours ago•CVE-2026-4800
8.1CVE-2026-4800: Code Injection and Remote Code Execution in lodash _.template
CVE-2026-4800 is a high-severity code injection vulnerability (CWE-94) in the lodash library's _.template function. Arising from an incomplete patch for CVE-2021-23337, this flaw allows unauthenticated attackers to execute arbitrary JavaScript upon template compilation via malicious object keys.
8 views•6 min read
•about 17 hours ago•GHSA-32WQ-PPWG-3W4M
7.5GHSA-32WQ-PPWG-3W4M: Denial of Service in EnhancedLinq.Async via Microsoft.Bcl.Memory Out-of-Bounds Read
EnhancedLinq.Async is vulnerable to a Denial of Service (DoS) attack due to an out-of-bounds read flaw inherited from its transitive dependency on Microsoft.Bcl.Memory. This issue, originally tracked as CVE-2026-26127, allows unauthenticated remote attackers to crash applications by supplying malformed Base64Url-encoded payloads.
7 views•4 min read
•about 18 hours ago•GHSA-W2FM-25VW-VH7F
7.1GHSA-W2FM-25VW-VH7F: Cross-Client Data Leak via Transport Race Condition in mcp-handler
A race condition in the underlying Model Context Protocol (MCP) TypeScript SDK causes a tool response leak across concurrent client sessions. The `mcp-handler` package prior to version 1.1.0 exposes applications to this cross-client data leak due to improper lifecycle management of transport and protocol instances in stateless environments.
6 views•7 min read
•about 18 hours ago•CVE-2026-4370
10.0CVE-2026-4370: Critical Authentication Bypass in Canonical Juju Dqlite Cluster
Canonical Juju versions 3.2.0 through 3.6.19 and 4.0 through 4.0.4 contain a critical vulnerability in the internal Dqlite database cluster. The system fails to enforce TLS client certificate validation during the node join handshake on port 17666. An unauthenticated remote attacker can exploit this flaw to join the cluster, gaining full read and write access to the underlying state database.
9 views•5 min read