CVE Reports - DEV Community

CVE Reports

Jun 27

CVE-2026-55699: CVE-2026-55699: Arbitrary Directory Deletion via Path Traversal in pnpm globalBinDir Resolver

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 27

CVE-2026-55700: CVE-2026-55700: Path Traversal and Arbitrary File Write in pnpm stage download

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 27

GHSA-WW5P-J6CJ-6MQQ: GHSA-WW5P-J6CJ-6MQQ: Credential Exposure in Nezha Dashboard DDNS and Notification APIs

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 27

GHSA-FR4H-3CPH-29XV: GHSA-FR4H-3CPH-29XV: Path Traversal and Directory Hijacking in pnpm and pacquet Dependency Resolution

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 27

GHSA-72R4-9C5J-MJ57: GHSA-72R4-9C5J-MJ57: Arbitrary File Deletion via Path Traversal in pnpm patch-remove

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 27

GHSA-QRV3-253H-G69C: GHSA-QRV3-253H-G69C: Path Traversal and Arbitrary Symlink Creation via configDependencies in pnpm

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 26

CVE-2026-49340: CVE-2026-49340: Arbitrary File Write via Path Traversal in Gonic Subsonic Playlist Handler

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

GHSA-985R-Q3QP-299H: GHSA-985R-Q3QP-299H: Incomplete Fix in phpMyFAQ Admin API Enables Privilege Escalation and Account Takeover

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 26

CVE-2026-48788: CVE-2026-48788: Cross-Site Scripting and Content-Type Spoofing in Remark42 Image Proxy

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-53462: CVE-2026-53462: Heap Use-After-Free Vulnerability in ImageMagick Vector Drawing Subsystem

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39832: CVE-2026-39832: Silent Drop of Destination Constraints in golang.org/x/crypto SSH Agent Client

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-46597: CVE-2026-46597: Remote Denial of Service in golang.org/x/crypto/ssh via AES-GCM Padding Integer Overflow

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39828: CVE-2026-39828: Go SSH Server PartialSuccessError Permissions Discard Bypass

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39835: CVE-2026-39835: Remote Denial of Service via Null Pointer Dereference in Go SSH CertChecker

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39827: CVE-2026-39827: Denial of Service via Unbounded Memory Growth in Go SSH (golang.org/x/crypto/ssh)

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39830: CVE-2026-39830: Unsolicited Response Channel Deadlock and Resource Leak in golang.org/x/crypto/ssh

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39829: CVE-2026-39829: Denial of Service in Go SSH Parser

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39831: CVE-2026-39831: Authentication Bypass in golang.org/x/crypto/ssh via FIDO/U2F User Presence Bypass

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-39834: CVE-2026-39834: Infinite Loop and CPU Exhaustion via Integer Truncation in Go SSH Channel Write

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 26

CVE-2026-42508: CVE-2026-42508: Bypass of SSH Certificate Authority Revocation in golang.org/x/crypto/ssh/knownhosts

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 25

CVE-2026-46595: CVE-2026-46595: Critical Authorization Bypass via source-address Validation Failure in golang.org/x/crypto/ssh

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 25

CVE-2026-48517: CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 25

CVE-2026-48713: CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48708: CVE-2026-48708: Concurrent Template Parsing Race Condition in OliveTin leading to Cross-Request Command Contamination

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48709: CVE-2026-48709: Missing Authorization in OliveTin ValidateArgumentType RPC Endpoint

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48166: CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48167: CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48480: CVE-2026-48480: Undetected Stream Truncation in netty-incubator-codec-ohttp

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48488: CVE-2026-48488: Weak Cryptographic Hash (SHA-1) Usage for Attachment Encryption Keys in phpMyFAQ

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48493: CVE-2026-48493: Self-Privilege Escalation via Profile Modification in Snipe-IT

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

CVE-2026-48500: CVE-2026-48500: Unauthenticated File Upload and Resource Exhaustion in Filament Admins

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

GHSA-WCMJ-X466-56MM: GHSA-WCMJ-X466-56MM: Arbitrary File Write via UNIX Symbolic Link Following in OpenTofu

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 24

CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 24

GHSA-W2J7-F3C6-G8CW: GHSA-w2j7-f3c6-g8cw: Open Redirect Bypass via Parser Differential in Flask-Security

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 23

CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 23

GHSA-74P7-6H78-GW8P: GHSA-74P7-6H78-GW8P: Multiple Critical Security Flaws in skillctl Agent-Skill Manager

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 23

CVE-2026-48153: CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 23

GHSA-GHMH-JHMJ-WCMF: GHSA-GHMH-JHMJ-WCMF: Plaintext Storage of Enrollment Tokens at Rest in SQLite in nebula-mesh

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-HVQH-JW65-WCPQ: GHSA-HVQH-JW65-WCPQ: Cross-Site Scripting (XSS) in devbridge-autocomplete

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

CVE-2024-37155: CVE-2024-37155: Security Bypass in OpenCTI GraphQL Introspection via Whitespace and Control Character Manipulation

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 22

CVE-2025-58048: CVE-2025-58048: Remote Code Execution via Unrestricted Ticket Attachment Uploads in Paymenter

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 22

CVE-2026-21887: CVE-2026-21887: Server-Side Request Forgery in OpenCTI Data Ingestion Component

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 22

GHSA-6GQW-JQV7-V88M: GHSA-6GQW-JQV7-V88M: Multi-Tenant Isolation Bypass in stigmem-node via Missing SQL Tenant Predicates

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-V3F4-W7R7-V3HM: GHSA-v3f4-w7r7-v3hm: Remote Command Execution via Origin Validation Error in Uni-CLI Legacy HTTP Transport

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-C795-2G9C-J48M: GHSA-C795-2G9C-J48M: Remote Path Traversal and Arbitrary File Write in EverOS Memory Ingestion

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-X975-RGX4-5FH4: GHSA-X975-RGX4-5FH4: Unescaped Locator Data Cross-Site Scripting in appium-mcp MCP-UI Resource

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-H3M5-97JQ-QJRF: GHSA-H3M5-97JQ-QJRF: Insecure Direct Object Reference (IDOR) Cross-Realm Bulk Alarm Deletion in OpenRemote Manager

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-WVRH-2F4M-924V: GHSA-wvrh-2f4m-924v: Symlink-Following Arbitrary File Write in ChatterBot UbuntuCorpusTrainer

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 22

GHSA-CW6H-FFMH-X6VH: GHSA-CW6H-FFMH-X6VH: Arbitrary Local File Disclosure via Same-Origin Policy Bypass in Anki Desktop

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 21

GHSA-4CC2-G9W2-FHF6: GHSA-4cc2-g9w2-fhf6: Server-Side Request Forgery in python-zeep via Transitive Schema Resolution

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 21

CVE-2026-11941: CVE-2026-11941: Use-After-Free Vulnerabilities in Cloudflare Quiche FFI Layer

#security #cve #cybersecurity

2 min read

CVE Reports

Jun 21

GHSA-C3XH-98XP-6QHF: GHSA-C3XH-98XP-6QHF: Command Injection via Issue Title in Discord Notification Workflow

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 21

GHSA-F4XH-W4CJ-QXQ8: GHSA-F4XH-W4CJ-QXQ8: Arbitrary Server-Side File Read in LangSmith SDK TracingMiddleware

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-H5X8-XP6M-X6Q4: GHSA-H5X8-XP6M-X6Q4: Unvalidated Signature Generation in @jhb.software/payload-cloudinary-plugin

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-G2GW-Q38M-VJFC: GHSA-G2GW-Q38M-VJFC: Server-Side Request Forgery and Bearer Token Exfiltration in @merill/lokka

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-4XGF-CPJX-PC3J: GHSA-4xgf-cpjx-pc3j: Directory Traversal and Symlink Following in Pydantic Settings

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-H5RG-8P7F-47G2: GHSA-h5rg-8p7f-47g2: Server-Side Request Forgery (SSRF) in SurrealDB Identity & Access Management (IAM) JWKS Fetcher

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-CC8F-FCX3-GPJR: GHSA-cc8f-fcx3-gpjr: Arbitrary File Disclosure via DEFINE ANALYZER mapper filter in SurrealDB

#security #cve #cybersecurity #ghsa

1 min read

CVE Reports

Jun 20

GHSA-H4H3-3RFJ-X6FQ: GHSA-H4H3-3RFJ-X6FQ: Value-Ordering Oracle Side-Channel via Indexed ORDER BY in SurrealDB

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Jun 20

GHSA-HV6H-HC26-Q48P: GHSA-HV6H-HC26-Q48P: Field-level SELECT permissions bypassed via graph and reference traversals in SurrealDB

#security #cve #cybersecurity #ghsa

2 min read

One Year Club