•about 6 hours ago•GHSA-7HGR-7H44-33W2
HighGHSA-7HGR-7H44-33W2: Unauthenticated Browser Control via Confused Deputy in camofox-mcp
The camofox-mcp package prior to version 1.13.2 contains a critical access control vulnerability on its Model Context Protocol (MCP) HTTP transport layer. The server fails to authenticate inbound requests while simultaneously appending an administrative API key to outbound backend requests. This Confused Deputy flaw allows unauthenticated clients to exercise full administrative control over the backend headless browser environment.
5 views•7 min read
•about 7 hours ago•CVE-2026-45773
6.5CVE-2026-45773: Cross-Site Request Forgery and Session Fixation in Turborepo CLI
Vercel Turborepo CLI versions prior to 2.9.14 are vulnerable to Cross-Site Request Forgery (CSRF) and Session Fixation during self-hosted remote cache authentication. The local callback server fails to validate the OAuth2 state parameter, allowing malicious websites to inject attacker-controlled tokens and compromise build environments.
4 views•6 min read
•about 9 hours ago•GHSA-HC3C-63HC-2R9F
7.5GHSA-HC3C-63HC-2R9F: Denial of Service via Uncaught Exception in libcrux-chacha20poly1305
The libcrux-chacha20poly1305 cryptographic crate contains a Denial of Service vulnerability triggered by providing an overlong ciphertext buffer during encryption. This flaw manifests as a runtime panic due to an improper slice conversion, allowing attackers to terminate the application if buffer sizes are user-influenced.
4 views•7 min read
•about 10 hours ago•GHSA-FHVH-VW7H-9XF3
8.2GHSA-FHVH-VW7H-9XF3: Cryptographic Signature Forgery via AVX2 Logic Error in libcrux-ml-dsa
A critical logic vulnerability in the libcrux-ml-dsa library allows cryptographic signature forgery on x86_64 architectures using the AVX2 backend. The flaw originates from an incorrect SIMD implementation of the ML-DSA use_hint function, violating FIPS 204 specifications and allowing attackers to bypass signature verification.
2 views•8 min read
•about 10 hours ago•CVE-2026-45740
5.3CVE-2026-45740: Uncontrolled Recursion in protobufjs Leading to Denial of Service
An uncontrolled recursion vulnerability exists in the protobufjs library prior to versions 7.5.8 and 8.2.0. The lack of depth limits in the JSON descriptor parsing logic allows attackers to cause a stack overflow and crash the Node.js process via deeply nested payloads.
8 views•6 min read
•about 18 hours ago•CVE-2026-32177
7.3CVE-2026-32177: Heap-Based Buffer Overflow in .NET Core and Visual Studio
CVE-2026-32177 is a high-severity heap-based buffer overflow affecting multiple versions of Microsoft .NET and Visual Studio. Triggered by insufficient input validation during file processing, the vulnerability permits local privilege escalation when a user opens a specially crafted file.
9 views•6 min read
•1 day ago•CVE-2026-42899
7.5CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems
CVE-2026-42899 is a high-severity Denial of Service (DoS) vulnerability in the Microsoft ASP.NET Core framework, characterized by multiple instances of a 'Loop with Unreachable Exit Condition' (CWE-835). An unauthenticated remote attacker can trigger 100% CPU utilization by supplying specially crafted requests that exploit logic errors in request parsing, data protection, minimal APIs, and caching subsystems.
5 views•7 min read
•1 day ago•CVE-2026-35433
7.3CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime
CVE-2026-35433 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the .NET Desktop Runtime. The flaw originates from a heap-based buffer overflow in the Windows Forms and WPF components due to improper input validation and integer overflow during binary data parsing. Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the compromised application.
5 views•8 min read
•1 day ago•GHSA-JGG6-4RPR-WFH7
9.8GHSA-JGG6-4RPR-WFH7: Mistral AI SDK Supply Chain Compromise via Mini Shai-Hulud Worm
A significant supply chain compromise affected official Mistral AI software development kits (SDKs) on both NPM and PyPI ecosystems. The incident involved an automated worm known as 'Mini Shai-Hulud' that leveraged stolen maintainer credentials to publish malicious packages containing secondary dropper payloads.
10 views•5 min read
•1 day ago•GHSA-FVH2-GM75-J4J7
8.8CVE-2026-42559: DNS Rebinding and CSRF in Model Context Protocol (MCP) HTTP Transport
The Model Context Protocol (MCP) Rust SDK (`rmcp`), a transitive dependency of the `dynoxide` database proxy, contains a high-severity vulnerability in its streamable HTTP server transport. The component fails to properly validate incoming HTTP `Host` headers, permitting DNS rebinding and Cross-Origin Request Forgery (CSRF) attacks against locally running database proxies.
9 views•6 min read
•1 day ago•CVE-2026-2728
4.8CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration
LibreNMS versions prior to 26.3.0 contain an authenticated Stored Cross-Site Scripting (XSS) vulnerability within the RANCID integration settings. The flaw occurs during the generation of the RANCID configuration repository link on the `showconfig` page, where user-supplied input is improperly neutralized before being inserted into an HTML href attribute. An attacker with administrative privileges can execute arbitrary JavaScript in the browser context of other administrators who view the affected page.
3 views•6 min read
•1 day ago•GHSA-C55G-RP4X-FX84
7.8GHSA-C55G-RP4X-FX84: Integer Overflow and Out-of-Bounds Access in DirectX Tool Kit SpriteFont Parser
The Microsoft DirectX Tool Kit (DirectXTK and DirectXTK12) contains an integer overflow vulnerability in its SpriteFont parsing implementation, specifically affecting 32-bit application builds. The flaw resides in the `DirectX::BinaryReader::ReadArray` template function, where a multiplication operation using 32-bit arithmetic wraps around when processing maliciously crafted `.spritefont` files. This miscalculation circumvents pointer arithmetic safety checks, leading to out-of-bounds memory access. Successful exploitation allows an attacker to achieve memory corruption or information disclosure within the application parsing the untrusted file.
3 views•9 min read