DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

Comments
2 min read
CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

Comments
2 min read
CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

Comments
2 min read
CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Comments
2 min read
GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

Comments
2 min read
GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

Comments
2 min read
CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

Comments
2 min read
CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

Comments
2 min read
CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

Comments
2 min read
CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

Comments
2 min read
CVE-2026-35366: CVE-2026-35366: Security Inspection Bypass in uutils coreutils printenv via non-UTF-8 Environment Variables

CVE-2026-35366: CVE-2026-35366: Security Inspection Bypass in uutils coreutils printenv via non-UTF-8 Environment Variables

Comments
2 min read
GHSA-X76W-8C62-48MG: GHSA-X76W-8C62-48MG: Missing Authorization in Craft CMS AssetsController Leads to Private Asset Disclosure

GHSA-X76W-8C62-48MG: GHSA-X76W-8C62-48MG: Missing Authorization in Craft CMS AssetsController Leads to Private Asset Disclosure

Comments
2 min read
CVE-2026-35371: CVE-2026-35371: Logical Identity Spoofing in uutils coreutils id Utility

CVE-2026-35371: CVE-2026-35371: Logical Identity Spoofing in uutils coreutils id Utility

Comments
2 min read
CVE-2026-35339: CVE-2026-35339: Incorrect Exit Status Propagation in Rust uutils/coreutils chmod Recursive Execution

CVE-2026-35339: CVE-2026-35339: Incorrect Exit Status Propagation in Rust uutils/coreutils chmod Recursive Execution

Comments
2 min read
CVE-2026-35338: CVE-2026-35338: Path Validation Bypass in uutils/coreutils chmod --preserve-root Option

CVE-2026-35338: CVE-2026-35338: Path Validation Bypass in uutils/coreutils chmod --preserve-root Option

Comments
2 min read
GHSA-7JVP-HJ45-2F2M: GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

GHSA-7JVP-HJ45-2F2M: GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

Comments
2 min read
CVE-2022-46292: CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser

CVE-2022-46292: CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser

Comments
2 min read
CVE-2026-48276: CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion

CVE-2026-48276: CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion

Comments
2 min read
CVE-2026-46599: CVE-2026-46599: Unrestricted Memory Allocation in golang.org/x/image/tiff PackBits Decoder

CVE-2026-46599: CVE-2026-46599: Unrestricted Memory Allocation in golang.org/x/image/tiff PackBits Decoder

Comments
2 min read
CVE-2026-11822: CVE-2026-11822: Memory Corruption and Buffer Overflow in SQLite FTS5 Extension

CVE-2026-11822: CVE-2026-11822: Memory Corruption and Buffer Overflow in SQLite FTS5 Extension

Comments
2 min read
CVE-2026-47291: CVE-2026-47291: Remote Code Execution in Windows HTTP.sys Kernel Driver

CVE-2026-47291: CVE-2026-47291: Remote Code Execution in Windows HTTP.sys Kernel Driver

Comments
2 min read
CVE-2025-6965: CVE-2025-6965: Remote Code Execution via Integer Truncation in SQLite Aggregate Parser

CVE-2025-6965: CVE-2025-6965: Remote Code Execution via Integer Truncation in SQLite Aggregate Parser

Comments
2 min read
CVE-2026-54269: CVE-2026-54269: Runtime Property Shadowing and Denial of Service in protobufjs

CVE-2026-54269: CVE-2026-54269: Runtime Property Shadowing and Denial of Service in protobufjs

Comments
2 min read
CVE-2026-56350: CVE-2026-56350: SSO Enforcement Bypass in n8n via API Parameter Pollution / Mass Assignment

CVE-2026-56350: CVE-2026-56350: SSO Enforcement Bypass in n8n via API Parameter Pollution / Mass Assignment

Comments
2 min read
CVE-2026-55699: CVE-2026-55699: Arbitrary Directory Deletion via Path Traversal in pnpm globalBinDir Resolver

CVE-2026-55699: CVE-2026-55699: Arbitrary Directory Deletion via Path Traversal in pnpm globalBinDir Resolver

Comments
2 min read
CVE-2026-55700: CVE-2026-55700: Path Traversal and Arbitrary File Write in pnpm stage download

CVE-2026-55700: CVE-2026-55700: Path Traversal and Arbitrary File Write in pnpm stage download

Comments
2 min read
GHSA-WW5P-J6CJ-6MQQ: GHSA-WW5P-J6CJ-6MQQ: Credential Exposure in Nezha Dashboard DDNS and Notification APIs

GHSA-WW5P-J6CJ-6MQQ: GHSA-WW5P-J6CJ-6MQQ: Credential Exposure in Nezha Dashboard DDNS and Notification APIs

Comments
2 min read
GHSA-FR4H-3CPH-29XV: GHSA-FR4H-3CPH-29XV: Path Traversal and Directory Hijacking in pnpm and pacquet Dependency Resolution

GHSA-FR4H-3CPH-29XV: GHSA-FR4H-3CPH-29XV: Path Traversal and Directory Hijacking in pnpm and pacquet Dependency Resolution

Comments
2 min read
GHSA-72R4-9C5J-MJ57: GHSA-72R4-9C5J-MJ57: Arbitrary File Deletion via Path Traversal in pnpm patch-remove

GHSA-72R4-9C5J-MJ57: GHSA-72R4-9C5J-MJ57: Arbitrary File Deletion via Path Traversal in pnpm patch-remove

Comments
2 min read
GHSA-QRV3-253H-G69C: GHSA-QRV3-253H-G69C: Path Traversal and Arbitrary Symlink Creation via configDependencies in pnpm

GHSA-QRV3-253H-G69C: GHSA-QRV3-253H-G69C: Path Traversal and Arbitrary Symlink Creation via configDependencies in pnpm

Comments
2 min read
CVE-2026-49340: CVE-2026-49340: Arbitrary File Write via Path Traversal in Gonic Subsonic Playlist Handler

CVE-2026-49340: CVE-2026-49340: Arbitrary File Write via Path Traversal in Gonic Subsonic Playlist Handler

Comments
2 min read
GHSA-985R-Q3QP-299H: GHSA-985R-Q3QP-299H: Incomplete Fix in phpMyFAQ Admin API Enables Privilege Escalation and Account Takeover

GHSA-985R-Q3QP-299H: GHSA-985R-Q3QP-299H: Incomplete Fix in phpMyFAQ Admin API Enables Privilege Escalation and Account Takeover

Comments
2 min read
CVE-2026-48788: CVE-2026-48788: Cross-Site Scripting and Content-Type Spoofing in Remark42 Image Proxy

CVE-2026-48788: CVE-2026-48788: Cross-Site Scripting and Content-Type Spoofing in Remark42 Image Proxy

Comments
2 min read
CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem

CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem

Comments
2 min read
CVE-2026-39832: CVE-2026-39832: Silent Drop of Destination Constraints in golang.org/x/crypto SSH Agent Client

CVE-2026-39832: CVE-2026-39832: Silent Drop of Destination Constraints in golang.org/x/crypto SSH Agent Client

Comments
2 min read
CVE-2026-46597: CVE-2026-46597: Remote Denial of Service in golang.org/x/crypto/ssh via AES-GCM Padding Integer Overflow

CVE-2026-46597: CVE-2026-46597: Remote Denial of Service in golang.org/x/crypto/ssh via AES-GCM Padding Integer Overflow

Comments
2 min read
CVE-2026-39828: CVE-2026-39828: Go SSH Server PartialSuccessError Permissions Discard Bypass

CVE-2026-39828: CVE-2026-39828: Go SSH Server PartialSuccessError Permissions Discard Bypass

Comments
2 min read
CVE-2026-39835: CVE-2026-39835: Remote Denial of Service via Null Pointer Dereference in Go SSH CertChecker

CVE-2026-39835: CVE-2026-39835: Remote Denial of Service via Null Pointer Dereference in Go SSH CertChecker

Comments
2 min read
CVE-2026-39827: CVE-2026-39827: Denial of Service via Unbounded Memory Growth in Go SSH (golang.org/x/crypto/ssh)

CVE-2026-39827: CVE-2026-39827: Denial of Service via Unbounded Memory Growth in Go SSH (golang.org/x/crypto/ssh)

Comments
2 min read
CVE-2026-39830: CVE-2026-39830: Unsolicited Response Channel Deadlock and Resource Leak in golang.org/x/crypto/ssh

CVE-2026-39830: CVE-2026-39830: Unsolicited Response Channel Deadlock and Resource Leak in golang.org/x/crypto/ssh

Comments
2 min read
CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser

CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser

Comments
2 min read
CVE-2026-39831: CVE-2026-39831: Authentication Bypass in golang.org/x/crypto/ssh via FIDO/U2F User Presence Bypass

CVE-2026-39831: CVE-2026-39831: Authentication Bypass in golang.org/x/crypto/ssh via FIDO/U2F User Presence Bypass

Comments
2 min read
CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write

CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write

Comments
2 min read
CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts

CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts

Comments
2 min read
CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh

CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh

Comments
2 min read
CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp

CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp

Comments
2 min read
CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend

CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend

Comments
2 min read
CVE-2026-48708: CVE-2026-48708: Concurrent Template Parsing Race Condition in OliveTin leading to Cross-Request Command Contamination

CVE-2026-48708: CVE-2026-48708: Concurrent Template Parsing Race Condition in OliveTin leading to Cross-Request Command Contamination

Comments
2 min read
CVE-2026-48709: CVE-2026-48709: Missing Authorization in OliveTin ValidateArgumentType RPC Endpoint

CVE-2026-48709: CVE-2026-48709: Missing Authorization in OliveTin ValidateArgumentType RPC Endpoint

Comments
2 min read
CVE-2026-48166: CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament

CVE-2026-48166: CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament

Comments
2 min read
CVE-2026-48167: CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry

CVE-2026-48167: CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry

Comments
2 min read
CVE-2026-48480: CVE-2026-48480: Undetected Stream Truncation in netty-incubator-codec-ohttp

CVE-2026-48480: CVE-2026-48480: Undetected Stream Truncation in netty-incubator-codec-ohttp

Comments
2 min read
CVE-2026-48488: CVE-2026-48488: Weak Cryptographic Hash (SHA-1) Usage for Attachment Encryption Keys in phpMyFAQ

CVE-2026-48488: CVE-2026-48488: Weak Cryptographic Hash (SHA-1) Usage for Attachment Encryption Keys in phpMyFAQ

Comments
2 min read
CVE-2026-48493: CVE-2026-48493: Self-Privilege Escalation via Profile Modification in Snipe-IT

CVE-2026-48493: CVE-2026-48493: Self-Privilege Escalation via Profile Modification in Snipe-IT

Comments
2 min read
CVE-2026-48500: CVE-2026-48500: Unauthenticated File Upload and Resource Exhaustion in Filament Admins

CVE-2026-48500: CVE-2026-48500: Unauthenticated File Upload and Resource Exhaustion in Filament Admins

Comments
2 min read
GHSA-WCMJ-X466-56MM: GHSA-WCMJ-X466-56MM: Arbitrary File Write via UNIX Symbolic Link Following in OpenTofu

GHSA-WCMJ-X466-56MM: GHSA-WCMJ-X466-56MM: Arbitrary File Write via UNIX Symbolic Link Following in OpenTofu

Comments
2 min read
CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features

CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features

Comments
2 min read
GHSA-W2J7-F3C6-G8CW: GHSA-w2j7-f3c6-g8cw: Open Redirect Bypass via Parser Differential in Flask-Security

GHSA-W2J7-F3C6-G8CW: GHSA-w2j7-f3c6-g8cw: Open Redirect Bypass via Parser Differential in Flask-Security

Comments
2 min read
CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints

CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints

Comments
2 min read
GHSA-74P7-6H78-GW8P: GHSA-74P7-6H78-GW8P: Multiple Critical Security Flaws in skillctl Agent-Skill Manager

GHSA-74P7-6H78-GW8P: GHSA-74P7-6H78-GW8P: Multiple Critical Security Flaws in skillctl Agent-Skill Manager

Comments
2 min read
loading...