CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

31 minutes ago • CVE-2026-33634 • Severity 9.4

CVE-2026-33634: Remote Supply Chain Compromise in Trivy Ecosystem via Non-Atomic Secret Rotation

A highly critical supply chain compromise affecting the Aqua Security Trivy ecosystem, including the core scanner and its associated GitHub Actions. The attack, attributed to the threat actor TeamPCP, leveraged compromised CI/CD credentials and non-atomic secret rotation (a window in which old and new credentials were both valid) to embed malicious code in official releases. The embedded infostealer targets ephemeral runner environments and extracts plain-text secrets directly from process memory, so the usual masking of environment variables in logs does not protect them.

Alon Barad • 8 min read
about 1 hour ago • CVE-2026-33160 • Severity 2.7

CVE-2026-33160: Unauthenticated Information Disclosure via Authorization Bypass in Craft CMS

Craft CMS is missing an authorization check in its image transformation endpoint. Unauthenticated attackers can generate and retrieve transformed versions of private assets by supplying the asset identifier directly, an insecure direct object reference (IDOR) in the AssetsController.

Alon Barad • 6 min read
about 1 hour ago • CVE-2026-3055 • Severity 9.3

CVE-2026-3055: Out-of-Bounds Read in Citrix NetScaler SAML IDP

CVE-2026-3055 is a critical out-of-bounds read vulnerability affecting customer-managed instances of Citrix NetScaler ADC and NetScaler Gateway. It allows unauthenticated remote attackers to read sensitive data from appliance memory when configured as a SAML Identity Provider.

Alon Barad • 5 min read
about 9 hours ago • CVE-2025-54957 • Severity 9.8

CVE-2025-54957: Integer Overflow to Heap-Based Buffer Overflow in Dolby Unified Decoder

CVE-2025-54957 is a critical integer overflow vulnerability in the Dolby Unified Decoder (UDC) library, specifically in the parsing of Extensible Metadata Delivery Format (EMDF) data. The overflow leads to an undersized heap allocation and an out-of-bounds write, allowing remote attackers to achieve zero-click code execution on vulnerable platforms by delivering a crafted audio stream.

Alon Barad • 8 min read
about 10 hours ago • CVE-2026-27727 • Severity 9.8

CVE-2026-27727: Remote Code Execution in mchange-commons-java Custom JNDI Implementation

CVE-2026-27727 is a critical remote code execution vulnerability in the mchange-commons-java utility library, a common dependency for the c3p0 JDBC connection pool. The flaw stems from a custom JNDI reference resolution mechanism that bypasses modern JDK security controls, allowing unauthenticated attackers to load and execute arbitrary remote Java classes via crafted serialized objects.

Amit Schendel • 6 min read
about 12 hours ago • CVE-2026-32276 • Severity 8.8

CVE-2026-32276: Arbitrary Code Execution in Connect-CMS Code Study Plugin

Connect-CMS contains a high-severity vulnerability in the Code Study Plugin (CWE-94: Improper Control of Generation of Code). The plugin fails to sandbox or adequately sanitize user-supplied PHP and Java code before executing it. Authenticated attackers with access to the plugin can bypass its blacklist-based filters using alternative whitespace or dynamic function calls, resulting in arbitrary code execution on the underlying server.

Alon Barad • 6 min read
about 13 hours ago • CVE-2026-32277 • Severity 8.7

CVE-2026-32277: Persistent DOM-based XSS in Connect-CMS Cabinet Plugin

Connect-CMS versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0 contain a high-severity persistent DOM-based Cross-Site Scripting (XSS) vulnerability in the Cabinet Plugin. The vulnerability arises from unsafe use of the `.innerHTML` property when rendering user-controllable file and folder names. Exploitation requires authenticated access to create a file or folder, but successful execution allows attackers to hijack administrative sessions, escalate privileges, or deface the application.

Alon Barad • 7 min read
about 13 hours ago • CVE-2026-32279 • Severity 6.8

CVE-2026-32279: Server-Side Request Forgery in Connect-CMS External Page Migration

Connect-CMS versions 1.x through 1.41.0 and 2.x through 2.41.0 contain a Server-Side Request Forgery (SSRF) vulnerability in the External Page Migration feature. Authenticated users with administrative privileges can supply malicious URLs to force the application to issue HTTP requests to arbitrary internal network resources. This allows attackers to bypass perimeter controls and interact with internal systems, loopback interfaces, or cloud provider metadata services.

Alon Barad • 7 min read
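The guard an external-page fetch like the one above needs is easy to get subtly wrong, so here is an added example of one, written for this listing and not taken from Connect-CMS. It allows only http/https, rejects userinfo, resolves the host and refuses any address that is not globally routable, which covers loopback, RFC 1918 ranges, the 169.254.169.254 metadata endpoint and IPv4-mapped IPv6 spellings. The resolver is injectable so the code runs offline; the `STUB_DNS` table and its addresses are constructed for the example.

```python
"""Egress URL validation for a server-side fetch (SSRF guard).

Added example; not Connect-CMS code. Models the check a migration feature
should run before fetching an admin-supplied URL. Assumes Python 3.8+.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table for offline use; the names and records are made up.
STUB_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal.test": ["169.254.169.254"],
    "dual.test": ["93.184.216.34", "10.0.0.5"],   # one public and one private record
}


def stub_resolver(host: str):
    """Offline stand-in for DNS; raises KeyError for unknown names."""
    return STUB_DNS[host]


def system_resolver(host: str):
    """Real lookup (IPv4 and IPv6) used when no resolver is injected."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_forbidden(ip) -> bool:
    """True for anything not globally routable, after unwrapping ::ffff:a.b.c.d."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_egress_url(url: str, resolver=system_resolver):
    """Return (allowed, reason).

    Every resolved address must pass: a name with both a public and a
    private record would otherwise depend on which one the client picks.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"          # user@host trips naive host parsing
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = {ipaddress.ip_address(host)}     # literal IPv4, IPv6 or mapped form
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError, LookupError):
            return False, f"cannot resolve {host!r}"
    for ip in addrs:
        if is_forbidden(ip):
            return False, f"{host} resolves to non-global address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://example.com/page",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:169.254.169.254]/",
                      "http://dual.test/"):
        print(candidate, validate_egress_url(candidate, stub_resolver))
```

Two caveats belong with any check of this shape. The address validated here is not necessarily the one the HTTP client connects to a moment later (DNS rebinding), so the client should connect to the validated address and send the original host name, or at least re-resolve and re-check immediately before connecting. Redirects must be disabled or every hop re-validated, since a public URL can 302 to the metadata service. Decimal and octal host spellings such as `http://2130706433/` are not literal addresses to `ipaddress`; they fall through to the resolver, which on most systems returns 127.0.0.1 and is then rejected.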
about 14 hours ago • CVE-2026-32299 • Severity 7.5

CVE-2026-32299: Improper Authorization and Data Leakage in Connect-CMS

Connect-CMS versions prior to 1.41.1 and 2.41.1 contain an improper authorization vulnerability in the content retrieval logic. The flaw allows unauthenticated remote attackers to retrieve non-public information by exploiting an incomplete route coverage implementation and a missing frame-to-page ID validation check.

Amit Schendel • 6 min read
about 15 hours ago • CVE-2026-32300 • Severity 8.1

CVE-2026-32300: Insecure Direct Object Reference in Connect-CMS Profile Update

Connect-CMS contains an Insecure Direct Object Reference (IDOR) vulnerability in its My Page profile update functionality. The application takes the user identifier from the client request to decide which profile record to modify, without checking that the identifier matches the authenticated session or that the session otherwise holds permission to edit it. Any authenticated user can therefore alter another user's profile data, which is a direct path to account takeover.

Alon Barad • 6 min read
about 15 hours ago • CVE-2026-33046 • Severity 7.7

CVE-2026-33046: LaTeX Injection Leading to Local File Disclosure and Remote Code Execution in Indico

CVE-2026-33046 is a high-severity vulnerability in the Indico event management system's PDF generation module. Insufficient sanitization of user-provided LaTeX input allows attackers to use TeX's caret notation (`^^xx`, which the tokenizer expands to an arbitrary character before any command is recognized) to spell otherwise filtered commands and bypass the security filters. This enables execution of restricted LaTeX primitives, resulting in Local File Disclosure (LFD) and conditional Remote Code Execution (RCE).

Amit Schendel • 7 min read
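To make the caret bypass concrete, here is an added example (written for this listing, not Indico's code) of a filter that matches raw source versus one that first expands `^^` notation the way TeX's reader does. The `FORBIDDEN` list is an illustrative blacklist of file and macro primitives and is an assumption of the example, not Indico's actual filter; the sample submissions are constructed. The expansion rules themselves are TeX's: `^^xy` with two lowercase hex digits is the byte 0xXY, `^^c` for any other character is its code XOR 64, and the reader re-examines the result, so spellings can nest.

```python
"""TeX caret-notation normalization for a LaTeX input filter.

Added example, not Indico's own code. Assumes ^ has its default catcode
(7), which is when the tokenizer applies the ^^ rewrite.
"""
import re

HEX = "0123456789abcdef"

# Illustrative blacklist of file- and macro-level primitives (an assumption of
# this example, not Indico's list). The lookahead stops "\include" from
# matching "\includegraphics" while still matching "\read16".
FORBIDDEN = re.compile(
    r"\\(input|include|openin|openout|read|write|immediate|csname|catcode|def|let)"
    r"(?![A-Za-z])"
)


def _decode_once(src: str) -> str:
    """One left-to-right pass over the ^^ forms, as TeX's reader does."""
    out = []
    i, n = 0, len(src)
    while i < n:
        if src[i] == "^" and i + 2 < n and src[i + 1] == "^":
            if i + 3 < n and src[i + 2] in HEX and src[i + 3] in HEX:
                out.append(chr(int(src[i + 2:i + 4], 16)))   # ^^5c -> backslash
                i += 4
                continue
            code = ord(src[i + 2])
            if code < 128:
                out.append(chr(code ^ 64))                 # ^^M -> CR, ^^? -> DEL
                i += 3
                continue
        out.append(src[i])
        i += 1
    return "".join(out)


def decode_caret(src: str, max_passes: int = 8) -> str:
    """Expand ^^ forms to a fixed point so nested spellings such as
    ^^5e^^5e5c (-> ^^5c -> backslash) resolve too. The pass bound is a
    defensive limit; input still changing after it is returned as is and a
    caller should treat any surviving "^^" as suspicious."""
    for _ in range(max_passes):
        expanded = _decode_once(src)
        if expanded == src:
            return expanded
        src = expanded
    return src


def find_forbidden(src: str, normalize: bool = True):
    """Return the first blacklisted command name found, or None.

    normalize=False reproduces the weak filter that inspects raw source;
    normalize=True canonicalises ^^ spellings first."""
    text = decode_caret(src) if normalize else src
    m = FORBIDDEN.search(text)
    return m.group(1) if m else None


# Constructed sample submissions (not real Indico input).
SAMPLES = {
    "plain":    r"\input{/etc/passwd}",
    "hex":      r"^^5cinput{/etc/passwd}",
    "mid_word": r"\in^^70ut{/etc/passwd}",
    "nested":   r"^^5e^^5e5cinput{/etc/passwd}",
    "benign":   r"Title: $E = mc^{2}$",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:9s} raw={find_forbidden(src, normalize=False)!s:6s} "
              f"normalized={find_forbidden(src)}")
```

Normalizing before matching closes this particular hole, but a blacklist over LaTeX remains fragile (`\csname` tricks, `\catcode` changes, package-provided wrappers). The durable controls are on the TeX side: run with shell escape disabled (`-no-shell-escape`) and with `openin_any=p` in `texmf.cnf`, which restricts `\input` and `\openin` to the working directory, and treat the PDF build as untrusted code in its own sandbox.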
about 15 hours ago • CVE-2026-33168 • Severity 2.3

CVE-2026-33168: Cross-Site Scripting (XSS) via Attribute Injection in Rails Action View

CVE-2026-33168 is a Cross-Site Scripting (XSS) vulnerability in the Action View component of Ruby on Rails. The flaw stems from insufficient validation of HTML attribute keys in the `TagHelper#tag_options` method. When a tag is rendered from a user-controlled attribute hash, an empty or blank key is not rejected and its value is not escaped, so an attacker who controls the hash can inject arbitrary HTML attributes and execute JavaScript in the victim's browser. Exploitation requires an application that passes untrusted input as attribute names, which keeps the severity low.

Amit Schendel • 6 min read

Automated vulnerability intelligence. 1,208+ reports.