CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2026-43284 • Severity 8.8 • about 4 hours ago

CVE-2026-43284: "Dirty Frag" Local Privilege Escalation via Linux Kernel Page Cache Corruption

CVE-2026-43284, identified as "Dirty Frag", is a critical local privilege escalation vulnerability in the Linux kernel's handling of shared socket buffer fragments during Encapsulating Security Payload (ESP) decryption. The flaw permits unprivileged local adversaries to corrupt the Linux page cache, establishing a write-what-where primitive that can be leveraged to overwrite read-only system files such as /etc/passwd and achieve immediate root privilege escalation.

Alon Barad • 14 views • 7 min read
CVE-2026-45321 • Severity 9.6 • about 10 hours ago

CVE-2026-45321: Critical Supply Chain Compromise in @tanstack Packages via GitHub Actions Misconfiguration

On May 11, 2026, threat actors executed a multi-stage supply chain attack against the @tanstack ecosystem. By exploiting a pull_request_target misconfiguration in GitHub Actions, attackers poisoned build caches and extracted OIDC tokens from memory. This allowed the unauthorized publication of 84 malicious package versions containing credential-stealing malware.

Amit Schendel • 190 views • 7 min read
CVE-2026-27478 • Severity 9.1 • about 16 hours ago

CVE-2026-27478: Authentication Bypass via Dynamic JWKS Discovery in Unity Catalog

Unity Catalog version 0.4.0 and prior contains a critical authentication bypass vulnerability in the token exchange endpoint. The server dynamically fetches JSON Web Key Sets (JWKS) based on unverified 'iss' (issuer) claims within incoming JSON Web Tokens (JWTs), allowing unauthenticated attackers to forge tokens and impersonate arbitrary users.

Alon Barad • 6 views • 6 min read
GHSA-MHWJ-73QX-JQXM • Severity 9.8 • about 17 hours ago

GHSA-MHWJ-73QX-JQXM: Prototype Pollution in @theecryptochad/merge-guard via deepMerge()

The `@theecryptochad/merge-guard` JavaScript package version 1.0.0 is vulnerable to Prototype Pollution. The `deepMerge()` function fails to validate input keys during recursive object merging, allowing attackers to inject malicious properties into the global `Object.prototype` via the `__proto__` accessor. Because this alters shared global state across the whole process, it can lead to Denial of Service, business logic bypass, or Remote Code Execution, depending on the presence of susceptible gadget chains in the application.

Amit Schendel • 7 views • 8 min read
CVE-2026-40217 • Severity 8.8 • about 17 hours ago

CVE-2026-40217: Remote Code Execution via Sandbox Escape in LiteLLM

LiteLLM, an open-source LLM proxy, contains a critical sandbox escape vulnerability in its guardrail testing endpoint. An authenticated attacker can bypass regex-based source-code filtering by leveraging Python object hierarchy traversal and runtime bytecode manipulation, leading to arbitrary code execution as the process owner.

Alon Barad • 11 views • 8 min read
CVE-2026-44643 • Severity 9.3 • about 18 hours ago

CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions

CVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor.

Amit Schendel • 10 views • 5 min read
CVE-2026-44340 • Severity 8.7 • about 20 hours ago

CVE-2026-44340: Arbitrary File Write via Symlink Traversal in PraisonAI Tar Extraction

PraisonAI versions prior to 4.6.37 contain a path traversal vulnerability in the `_safe_extractall` function. The flaw allows an attacker to write arbitrary files outside the intended extraction directory via maliciously crafted tar archives containing unresolved symbolic links.

Alon Barad • 6 views • 7 min read
CVE-2023-49316 • Severity 7.5 • 3 days ago

CVE-2023-49316: Denial of Service via Unbounded Degree in phpseclib Binary Finite Fields

The phpseclib cryptographic library version 3.x prior to 3.0.34 contains a Denial of Service (DoS) vulnerability in its mathematical field generation logic. When parsing maliciously crafted X.509 certificates or PKCS#8 private keys specifying Elliptic Curve parameters over a binary finite field, the library fails to validate the degree parameter. This flaw allows a remote attacker to force the PHP application to perform unbounded memory allocations, exhausting server resources and terminating the application worker process.

Alon Barad • 10 views • 6 min read
GHSA-MV93-W799-CJ2W • Severity 7.8 • 3 days ago

GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython

GitPython versions prior to 3.1.50 are vulnerable to a newline injection attack in the `config_writer()` and `set_value()` methods. An incomplete fix for CVE-2026-44244 failed to sanitize the configuration section parameter, allowing an attacker to inject malicious Git configuration blocks such as `[core]` and override the `hooksPath`. This leads to unauthenticated remote code execution when subsequent Git operations trigger the injected hooks.

Amit Schendel • 14 views • 8 min read
CVE-2026-6860 • Severity 5.3 • 3 days ago

CVE-2026-6860: Unbounded SNI Cache Growth in Eclipse Vert.x

Eclipse Vert.x suffers from an uncontrolled resource consumption vulnerability within its Server Name Indication (SNI) processing logic. When server-side SNI is enabled alongside a wildcard TLS certificate, unauthenticated remote attackers can exhaust server memory by initiating handshakes with continuous unique hostname values, ultimately resulting in a Denial of Service (DoS).

Alon Barad • 13 views • 8 min read
GHSA-V6WJ-C83F-V46X • Severity 9.8 • 3 days ago

GHSA-v6wj-c83f-v46x: Critical OS Command Injection in @profullstack/mcp-server domain_lookup Module

A critical unauthenticated OS Command Injection vulnerability (CWE-78) exists in the `@profullstack/mcp-server` npm package, specifically within the `domain_lookup` module. The vulnerability allows remote attackers to execute arbitrary commands on the host system via crafted HTTP requests.

Alon Barad • 8 views • 7 min read
GHSA-QHH4-458H-XWH2 • Severity 5.3 • 4 days ago

GHSA-qhh4-458h-xwh2: Credential Leakage via Origin Validation Error in cdxgen

The @cyclonedx/cdxgen package is vulnerable to credential leakage due to improper Docker registry origin validation. A flaw in how registry authentication endpoints are matched against configured credentials allows arbitrary downstream registries to capture private credentials.

Alon Barad • 8 views • 9 min read
Automated vulnerability intelligence. 1,718+ reports.