DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
CVE-2026-31829: CVE-2026-31829: Server-Side Request Forgery in Flowise HTTP Node
cverports profile

CVE-2026-31829: CVE-2026-31829: Server-Side Request Forgery in Flowise HTTP Node

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-31830: CVE-2026-31830: Verification Bypass via Unchecked Return Value in sigstore-ruby
cverports profile

CVE-2026-31830: CVE-2026-31830: Verification Bypass via Unchecked Return Value in sigstore-ruby

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-31832: CVE-2026-31832: Broken Object-Level Authorization in Umbraco CMS Management API
cverports profile

CVE-2026-31832: CVE-2026-31832: Broken Object-Level Authorization in Umbraco CMS Management API

#security #cve #cybersecurity
Comments
2 min read
GHSA-V8W9-8MX6-G223: GHSA-v8w9-8mx6-g223: Prototype Pollution in Hono parseBody Utility
cverports profile

GHSA-V8W9-8MX6-G223: GHSA-v8w9-8mx6-g223: Prototype Pollution in Hono parseBody Utility

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-J443-WCQQ-XPRH: CVE-2025-68121: TLS Session Resumption Trust Bypass in Go crypto/tls
cverports profile

GHSA-J443-WCQQ-XPRH: CVE-2025-68121: TLS Session Resumption Trust Bypass in Go crypto/tls

#security #cve #cybersecurity
Comments
2 min read
GHSA-VHJ5-X93P-67JW: GHSA-vhj5-x93p-67jw: Host Header Poisoning and Open Redirect in actix-web-lab
cverports profile

GHSA-VHJ5-X93P-67JW: GHSA-vhj5-x93p-67jw: Host Header Poisoning and Open Redirect in actix-web-lab

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-29792: CVE-2026-29792: Unauthenticated Account Takeover via Improper Authentication in FeathersJS OAuth
cverports profile

CVE-2026-29792: CVE-2026-29792: Unauthenticated Account Takeover via Improper Authentication in FeathersJS OAuth

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29793: CVE-2026-29793: NoSQL Injection via Missing Type Validation in FeathersJS MongoDB Adapter
cverports profile

CVE-2026-29793: CVE-2026-29793: NoSQL Injection via Missing Type Validation in FeathersJS MongoDB Adapter

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30837: CVE-2026-30837: Regular Expression Denial of Service in Elysia Framework URL Validation
cverports profile

CVE-2026-30837: CVE-2026-30837: Regular Expression Denial of Service in Elysia Framework URL Validation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30883: CVE-2026-30883: Heap-based Buffer Overflow in ImageMagick PNG Encoder
cverports profile

CVE-2026-30883: CVE-2026-30883: Heap-based Buffer Overflow in ImageMagick PNG Encoder

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-28292: CVE-2026-28292: Remote Code Execution via Regex Case Sensitivity Bypass in simple-git
cverports profile

CVE-2026-28292: CVE-2026-28292: Remote Code Execution via Regex Case Sensitivity Bypass in simple-git

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27826: CVE-2026-27826: Unauthenticated Server-Side Request Forgery in mcp-atlassian Custom Header Parsing
cverports profile

CVE-2026-27826: CVE-2026-27826: Unauthenticated Server-Side Request Forgery in mcp-atlassian Custom Header Parsing

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27825: CVE-2026-27825: Arbitrary File Write in mcp-atlassian Confluence Attachment Downloader
cverports profile

CVE-2026-27825: CVE-2026-27825: Arbitrary File Write in mcp-atlassian Confluence Attachment Downloader

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30974: CVE-2026-30974: Stored Cross-Site Scripting via SVG Uploads in copyparty
cverports profile

CVE-2026-30974: CVE-2026-30974: Stored Cross-Site Scripting via SVG Uploads in copyparty

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30957: CVE-2026-30957: Remote Code Execution via Insecure Sandbox Exposure in OneUptime
cverports profile

CVE-2026-30957: CVE-2026-30957: Remote Code Execution via Insecure Sandbox Exposure in OneUptime

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30913: CVE-2026-30913: Link Injection and Content Spoofing in Flarum Nicknames Extension
cverports profile

CVE-2026-30913: CVE-2026-30913: Link Injection and Content Spoofing in Flarum Nicknames Extension

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3089: CVE-2026-3089: Authenticated Path Traversal in Actual Sync Server
cverports profile

CVE-2026-3089: CVE-2026-3089: Authenticated Path Traversal in Actual Sync Server

#security #cve #cybersecurity
Comments
2 min read
GHSA-XV8G-FJ9H-6GMV: GHSA-xv8g-fj9h-6gmv: Missing Authentication in Linkdave Audio Streaming Server
cverports profile

GHSA-XV8G-FJ9H-6GMV: GHSA-xv8g-fj9h-6gmv: Missing Authentication in Linkdave Audio Streaming Server

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-30925: CVE-2026-30925: Regular Expression Denial of Service (ReDoS) in Parse Server LiveQuery
cverports profile

CVE-2026-30925: CVE-2026-30925: Regular Expression Denial of Service (ReDoS) in Parse Server LiveQuery

#security #cve #cybersecurity
Comments
2 min read
GHSA-PJVX-RX66-R3FG: GHSA-PJVX-RX66-R3FG: Cross-account sender authorization expansion in OpenClaw
cverports profile

GHSA-PJVX-RX66-R3FG: GHSA-PJVX-RX66-R3FG: Cross-account sender authorization expansion in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6MGF-V5J7-45CR: GHSA-6MGF-V5J7-45CR: Sensitive Information Leak via Cross-Origin Redirects in OpenClaw
cverports profile

GHSA-6MGF-V5J7-45CR: GHSA-6MGF-V5J7-45CR: Sensitive Information Leak via Cross-Origin Redirects in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-R6QF-8968-WJ9Q: GHSA-R6QF-8968-WJ9Q: Security Gating Bypass via Off-By-One Logic Error in OpenClaw system.run
cverports profile

GHSA-R6QF-8968-WJ9Q: GHSA-R6QF-8968-WJ9Q: Security Gating Bypass via Off-By-One Logic Error in OpenClaw system.run

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-HFPR-JHPQ-X4RM: GHSA-HFPR-JHPQ-X4RM: Authorization Bypass via Gateway Command Routing in OpenClaw
cverports profile

GHSA-HFPR-JHPQ-X4RM: GHSA-HFPR-JHPQ-X4RM: Authorization Bypass via Gateway Command Routing in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-9Q2P-VC84-2RWM: GHSA-9Q2P-VC84-2RWM: Parser Differential Vulnerability in OpenClaw Security Allowlist
cverports profile

GHSA-9Q2P-VC84-2RWM: GHSA-9Q2P-VC84-2RWM: Parser Differential Vulnerability in OpenClaw Security Allowlist

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-25960: CVE-2026-25960: Server-Side Request Forgery (SSRF) Bypass in vLLM MediaConnector via Parser Differential
cverports profile

CVE-2026-25960: CVE-2026-25960: Server-Side Request Forgery (SSRF) Bypass in vLLM MediaConnector via Parser Differential

#security #cve #cybersecurity
Comments
2 min read
GHSA-9Q36-67VC-RRWG: GHSA-9Q36-67VC-RRWG: Sandbox Escape via Slash Command in OpenClaw ACP
cverports profile

GHSA-9Q36-67VC-RRWG: GHSA-9Q36-67VC-RRWG: Sandbox Escape via Slash Command in OpenClaw ACP

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-93FX-5QGC-WR38: GHSA-93FX-5QGC-WR38: Authenticated Remote Code Execution via Liquidsoap Interpolation in AzuraCast
cverports profile

GHSA-93FX-5QGC-WR38: GHSA-93FX-5QGC-WR38: Authenticated Remote Code Execution via Liquidsoap Interpolation in AzuraCast

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-30848: CVE-2026-30848: Path Traversal Vulnerability in Parse Server PagesRouter
cverports profile

CVE-2026-30848: CVE-2026-30848: Path Traversal Vulnerability in Parse Server PagesRouter

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30850: CVE-2026-30850: Missing Authorization in Parse Server File Metadata Endpoint
cverports profile

CVE-2026-30850: CVE-2026-30850: Missing Authorization in Parse Server File Metadata Endpoint

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30854: CVE-2026-30854: GraphQL Introspection Authorization Bypass in Parse Server
cverports profile

CVE-2026-30854: CVE-2026-30854: GraphQL Introspection Authorization Bypass in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30863: CVE-2026-30863: JWT Audience Validation Bypass in Parse Server Authentication Adapters
cverports profile

CVE-2026-30863: CVE-2026-30863: JWT Audience Validation Bypass in Parse Server Authentication Adapters

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29196: CVE-2026-29196: WireGuard Private Key Exposure via API in Netmaker
cverports profile

CVE-2026-29196: CVE-2026-29196: WireGuard Private Key Exposure via API in Netmaker

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-25611: CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server
cverports profile

CVE-2026-25611: CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30852: CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp
cverports profile

CVE-2026-30852: CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30855: CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora
cverports profile

CVE-2026-30855: CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30856: CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora
cverports profile

CVE-2026-30856: CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30857: CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora
cverports profile

CVE-2026-30857: CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30858: CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora
cverports profile

CVE-2026-30858: CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30859: CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora
cverports profile

CVE-2026-30859: CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30860: CVE-2026-30860: Remote Code Execution via SQL Injection Bypass in Tencent WeKnora
cverports profile

CVE-2026-30860: CVE-2026-30860: Remote Code Execution via SQL Injection Bypass in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30861: CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora
cverports profile

CVE-2026-30861: CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
GHSA-5Q8V-J673-M5V4: GHSA-5Q8V-J673-M5V4: Insecure Direct Object Reference and Authorization Bypass in Firefly III API
cverports profile

GHSA-5Q8V-J673-M5V4: GHSA-5Q8V-J673-M5V4: Insecure Direct Object Reference and Authorization Bypass in Firefly III API

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-G9RG-8VQ5-MPWM: GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service
cverports profile

GHSA-G9RG-8VQ5-MPWM: GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-2H2P-MVFX-868W: GHSA-2H2P-MVFX-868W: Critical Path Traversal and Authentication Bypass in SiYuan
cverports profile

GHSA-2H2P-MVFX-868W: GHSA-2H2P-MVFX-868W: Critical Path Traversal and Authentication Bypass in SiYuan

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-Q6WC-XX4M-92FJ: GHSA-q6wc-xx4m-92fj: Improper Authorization in PowerSync Service Sync Streams
cverports profile

GHSA-Q6WC-XX4M-92FJ: GHSA-q6wc-xx4m-92fj: Improper Authorization in PowerSync Service Sync Streams

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6W2R-CFPC-23R5: GHSA-6w2r-cfpc-23r5: Unauthenticated IDOR in AVideo Playlist Endpoints
cverports profile

GHSA-6W2R-CFPC-23R5: GHSA-6w2r-cfpc-23r5: Unauthenticated IDOR in AVideo Playlist Endpoints

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-C8M8-3JCR-6RJ5: GHSA-c8m8-3jcr-6rj5: Hardcoded JWT Signing Secret in FUXA
cverports profile

GHSA-C8M8-3JCR-6RJ5: GHSA-c8m8-3jcr-6rj5: Hardcoded JWT Signing Secret in FUXA

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6F6W-6J58-RQ76: GHSA-6f6w-6j58-rq76: Shell Injection in shescape via Symlink Chain Misidentification
cverports profile

GHSA-6F6W-6J58-RQ76: GHSA-6f6w-6j58-rq76: Shell Injection in shescape via Symlink Chain Misidentification

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-V53H-F6M7-XCGM: GHSA-V53H-F6M7-XCGM: Remote Code Execution in psf/black GitHub Action via pyproject.toml
cverports profile

GHSA-V53H-F6M7-XCGM: GHSA-V53H-F6M7-XCGM: Remote Code Execution in psf/black GitHub Action via pyproject.toml

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QR2G-P6Q7-W82M: GHSA-qr2g-p6q7-w82m: Critical Payment Verification Bypass in Coinbase x402 SDK (Solana)
cverports profile

GHSA-QR2G-P6Q7-W82M: GHSA-qr2g-p6q7-w82m: Critical Payment Verification Bypass in Coinbase x402 SDK (Solana)

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-4J36-39GM-8VQ8: OneUptime Synthetic Monitor RCE via Sandbox Escape
cverports profile

GHSA-4J36-39GM-8VQ8: OneUptime Synthetic Monitor RCE via Sandbox Escape

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PM4J-7R4Q-CCG8: GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion
cverports profile

GHSA-PM4J-7R4Q-CCG8: GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape
cverports profile

GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server
cverports profile

CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG
cverports profile

CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf
cverports profile

CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey
cverports profile

CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions
cverports profile

CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions

#security #cve #cybersecurity
1
Comments
2 min read
CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server
cverports profile

CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server

#security #cve #cybersecurity
Comments
2 min read
GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow
cverports profile

GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow

#security #cve #cybersecurity #ghsa
Comments
2 min read
loading...