DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
GHSA-HGV7-V322-MMGR: GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch
cverports profile

GHSA-HGV7-V322-MMGR: GHSA-HGV7-V322-MMGR: SSR Session Cross-Talk and Data Exposure in SvelteKit query.batch

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-VRXG-GM77-7Q5G: GHSA-vrxg-gm77-7q5g: Unauthenticated Remote Code Execution in Windows-MCP HTTP Transport
cverports profile

GHSA-VRXG-GM77-7Q5G: GHSA-vrxg-gm77-7q5g: Unauthenticated Remote Code Execution in Windows-MCP HTTP Transport

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PXH5-6RRC-8RJV: GHSA-PXH5-6RRC-8RJV: Client-Side Denial of Service in OpenTofu via Crafted HTTP/2 SETTINGS Frame
cverports profile

GHSA-PXH5-6RRC-8RJV: GHSA-PXH5-6RRC-8RJV: Client-Side Denial of Service in OpenTofu via Crafted HTTP/2 SETTINGS Frame

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-MW8F-W6P8-XRF4: GHSA-MW8F-W6P8-XRF4: Cross-Tenant Account Deletion and Authorization Bypass in wger via Flawed Null Comparison
cverports profile

GHSA-MW8F-W6P8-XRF4: GHSA-MW8F-W6P8-XRF4: Cross-Tenant Account Deletion and Authorization Bypass in wger via Flawed Null Comparison

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-M837-XVXR-VQWG: GHSA-m837-xvxr-vqwg: Hardcoded CORS Wildcard Enables Cross-Origin Credential Abuse in Flowise
cverports profile

GHSA-M837-XVXR-VQWG: GHSA-m837-xvxr-vqwg: Hardcoded CORS Wildcard Enables Cross-Origin Credential Abuse in Flowise

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-45829: CVE-2026-45829: Pre-Authentication Remote Code Execution in ChromaDB via ChromaToast
cverports profile

CVE-2026-45829: CVE-2026-45829: Pre-Authentication Remote Code Execution in ChromaDB via ChromaToast

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-9082: CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core PostgreSQL Driver
cverports profile

CVE-2026-9082: CVE-2026-9082: Unauthenticated SQL Injection in Drupal Core PostgreSQL Driver

#security #cve #cybersecurity
Comments
2 min read
GHSA-59FH-9F3P-7M39: GHSA-59FH-9F3P-7M39: Mass Assignment in Flowise Profile Update Endpoint
cverports profile

GHSA-59FH-9F3P-7M39: GHSA-59FH-9F3P-7M39: Mass Assignment in Flowise Profile Update Endpoint

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-C2C9-MFW7-P8HW: GHSA-C2C9-MFW7-P8HW: Cross-Workspace Chatflow Disclosure in Flowise
cverports profile

GHSA-C2C9-MFW7-P8HW: GHSA-C2C9-MFW7-P8HW: Cross-Workspace Chatflow Disclosure in Flowise

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-46333: CVE-2026-46333: Local Information Disclosure in Linux Kernel Process Exit Path
cverports profile

CVE-2026-46333: CVE-2026-46333: Local Information Disclosure in Linux Kernel Process Exit Path

#security #cve #cybersecurity
Comments
2 min read
GHSA-9QV9-8XV6-5P35: GHSA-9qv9-8xv6-5p35: Unauthenticated Password Reset and Enumeration Flaw in phpMyFAQ
cverports profile

GHSA-9QV9-8XV6-5P35: GHSA-9qv9-8xv6-5p35: Unauthenticated Password Reset and Enumeration Flaw in phpMyFAQ

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-XVP4-PHQJ-CJR3: GHSA-XVP4-PHQJ-CJR3: Insecure Direct Object Reference (IDOR) Leading to Account Takeover in phpMyFAQ
cverports profile

GHSA-XVP4-PHQJ-CJR3: GHSA-XVP4-PHQJ-CJR3: Insecure Direct Object Reference (IDOR) Leading to Account Takeover in phpMyFAQ

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GP95-J463-VV28: GHSA-GP95-J463-VV28: Authentication Bypass via Insecure Default Token in phpMyFAQ REST API
cverports profile

GHSA-GP95-J463-VV28: GHSA-GP95-J463-VV28: Authentication Bypass via Insecure Default Token in phpMyFAQ REST API

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-W9XH-5F39-VQ89: GHSA-w9xh-5f39-vq89: Authentication Bypass and Account Takeover via Weak Password Recovery in phpMyFAQ
cverports profile

GHSA-W9XH-5F39-VQ89: GHSA-w9xh-5f39-vq89: Authentication Bypass and Account Takeover via Weak Password Recovery in phpMyFAQ

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-40370: CVE-2026-40370: Authenticated Remote Code Execution in Microsoft SQL Server via Path Manipulation
cverports profile

CVE-2026-40370: CVE-2026-40370: Authenticated Remote Code Execution in Microsoft SQL Server via Path Manipulation

#security #cve #cybersecurity
Comments
3 min read
CVE-2026-32175: CVE-2026-32175: Absolute Path Traversal and Arbitrary File Write in .NET Core Archive Extraction
cverports profile

CVE-2026-32175: CVE-2026-32175: Absolute Path Traversal and Arbitrary File Write in .NET Core Archive Extraction

#security #cve #cybersecurity
Comments
2 min read
GHSA-7HGR-7H44-33W2: GHSA-7HGR-7H44-33W2: Unauthenticated Browser Control via Confused Deputy in camofox-mcp
cverports profile

GHSA-7HGR-7H44-33W2: GHSA-7HGR-7H44-33W2: Unauthenticated Browser Control via Confused Deputy in camofox-mcp

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-45773: CVE-2026-45773: Cross-Site Request Forgery and Session Fixation in Turborepo CLI
cverports profile

CVE-2026-45773: CVE-2026-45773: Cross-Site Request Forgery and Session Fixation in Turborepo CLI

#security #cve #cybersecurity
Comments
2 min read
GHSA-HC3C-63HC-2R9F: GHSA-HC3C-63HC-2R9F: Denial of Service via Uncaught Exception in libcrux-chacha20poly1305
cverports profile

GHSA-HC3C-63HC-2R9F: GHSA-HC3C-63HC-2R9F: Denial of Service via Uncaught Exception in libcrux-chacha20poly1305

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-FHVH-VW7H-9XF3: GHSA-FHVH-VW7H-9XF3: Cryptographic Signature Forgery via AVX2 Logic Error in libcrux-ml-dsa
cverports profile

GHSA-FHVH-VW7H-9XF3: GHSA-FHVH-VW7H-9XF3: Cryptographic Signature Forgery via AVX2 Logic Error in libcrux-ml-dsa

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-45740: CVE-2026-45740: Uncontrolled Recursion in protobufjs Leading to Denial of Service
cverports profile

CVE-2026-45740: CVE-2026-45740: Uncontrolled Recursion in protobufjs Leading to Denial of Service

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32177: CVE-2026-32177: Heap-Based Buffer Overflow in .NET Core and Visual Studio
cverports profile

CVE-2026-32177: CVE-2026-32177: Heap-Based Buffer Overflow in .NET Core and Visual Studio

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-42899: CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems
cverports profile

CVE-2026-42899: CVE-2026-42899: Denial of Service via Infinite Loops in ASP.NET Core Subsystems

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-35433: CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime
cverports profile

CVE-2026-35433: CVE-2026-35433: Heap-Based Buffer Overflow and Privilege Escalation in .NET Desktop Runtime

#security #cve #cybersecurity
Comments
2 min read
GHSA-JGG6-4RPR-WFH7: GHSA-JGG6-4RPR-WFH7: Mistral AI SDK Supply Chain Compromise via Mini Shai-Hulud Worm
cverports profile

GHSA-JGG6-4RPR-WFH7: GHSA-JGG6-4RPR-WFH7: Mistral AI SDK Supply Chain Compromise via Mini Shai-Hulud Worm

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-FVH2-GM75-J4J7: CVE-2026-42559: DNS Rebinding and CSRF in Model Context Protocol (MCP) HTTP Transport
cverports profile

GHSA-FVH2-GM75-J4J7: CVE-2026-42559: DNS Rebinding and CSRF in Model Context Protocol (MCP) HTTP Transport

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2728: CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration
cverports profile

CVE-2026-2728: CVE-2026-2728: Authenticated Stored Cross-Site Scripting (XSS) in LibreNMS RANCID Configuration

#security #cve #cybersecurity
Comments
2 min read
GHSA-C55G-RP4X-FX84: GHSA-C55G-RP4X-FX84: Integer Overflow and Out-of-Bounds Access in DirectX Tool Kit SpriteFont Parser
cverports profile

GHSA-C55G-RP4X-FX84: GHSA-C55G-RP4X-FX84: Integer Overflow and Out-of-Bounds Access in DirectX Tool Kit SpriteFont Parser

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5R97-79VW-QVM4: GHSA-5r97-79vw-qvm4: Integer Overflow and Memory Corruption in Microsoft DirectXTK12 SpriteFont Parser
cverports profile

GHSA-5R97-79VW-QVM4: GHSA-5r97-79vw-qvm4: Integer Overflow and Memory Corruption in Microsoft DirectXTK12 SpriteFont Parser

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-6402: CVE-2026-6402: Cross-Origin Source Code Exposure in webpack-dev-server
cverports profile

CVE-2026-6402: CVE-2026-6402: Cross-Origin Source Code Exposure in webpack-dev-server

#security #cve #cybersecurity
Comments
2 min read
GHSA-97R8-RF7Q-WMJW: GHSA-97R8-RF7Q-WMJW: Stored Cross-Site Scripting via Sanitize-then-Decode Flaw in Sveltia CMS
cverports profile

GHSA-97R8-RF7Q-WMJW: GHSA-97R8-RF7Q-WMJW: Stored Cross-Site Scripting via Sanitize-then-Decode Flaw in Sveltia CMS

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2020-17103: CVE-2020-17103: Local Privilege Escalation in Windows Cloud Files Mini Filter Driver
cverports profile

CVE-2020-17103: CVE-2020-17103: Local Privilege Escalation in Windows Cloud Files Mini Filter Driver

#security #cve #cybersecurity
Comments
2 min read
GHSA-WXW3-Q3M9-C3JR: GHSA-WXW3-Q3M9-C3JR: Login CSRF via Insufficient OAuth State Verification in Better Auth
cverports profile

GHSA-WXW3-Q3M9-C3JR: GHSA-WXW3-Q3M9-C3JR: Login CSRF via Insufficient OAuth State Verification in Better Auth

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-VFVV-C25P-M7MM: GHSA-VFVV-C25P-M7MM: Memory Corruption via Panic Safety Flaw in rkyv Collections
cverports profile

GHSA-VFVV-C25P-M7MM: GHSA-VFVV-C25P-M7MM: Memory Corruption via Panic Safety Flaw in rkyv Collections

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-RC6V-5RMX-W5MV: GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika
cverports profile

GHSA-RC6V-5RMX-W5MV: GHSA-RC6V-5RMX-W5MV: Multi-Vector Cryptographic and State Machine Vulnerabilities in Arnika

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QXVM-R42F-5P8J: GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo
cverports profile

GHSA-QXVM-R42F-5P8J: GHSA-QXVM-R42F-5P8J: Authentication Bypass via Meet Plugin in AVideo

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-46383: CVE-2026-46383: Arbitrary File Overwrite via Path Traversal (TarSlip) in Microsoft APM
cverports profile

CVE-2026-46383: CVE-2026-46383: Arbitrary File Overwrite via Path Traversal (TarSlip) in Microsoft APM

#security #cve #cybersecurity
Comments
2 min read
GHSA-MXG3-432P-MR72: GHSA-MXG3-432P-MR72: SSH Host Key Verification Disabled in goshs
cverports profile

GHSA-MXG3-432P-MR72: GHSA-MXG3-432P-MR72: SSH Host Key Verification Disabled in goshs

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-23899: CVE-2026-23899: Improper Access Check in Joomla! com_config Webservices
cverports profile

CVE-2026-23899: CVE-2026-23899: Improper Access Check in Joomla! com_config Webservices

#security #cve #cybersecurity
Comments
2 min read
GHSA-F3CJ-J4F6-WQ85: GHSA-f3cj-j4f6-wq85: Server-Side Rendering Cross-Site Scripting in Svelte hydratable Promises
cverports profile

GHSA-F3CJ-J4F6-WQ85: GHSA-f3cj-j4f6-wq85: Server-Side Rendering Cross-Site Scripting in Svelte hydratable Promises

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WF8Q-WVV8-P8JF: GHSA-WF8Q-WVV8-P8JF: Unauthenticated User Impersonation in MCPHub SSE Endpoint
cverports profile

GHSA-WF8Q-WVV8-P8JF: GHSA-WF8Q-WVV8-P8JF: Unauthenticated User Impersonation in MCPHub SSE Endpoint

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GXHX-2686-5H9G: GHSA-gxhx-2686-5h9g: Signature Verification Bypass in slack-go via Empty SecretsVerifier
cverports profile

GHSA-GXHX-2686-5H9G: GHSA-gxhx-2686-5h9g: Signature Verification Bypass in slack-go via Empty SecretsVerifier

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-42897: CVE-2026-42897: Reflected Cross-Site Scripting in Microsoft Exchange Server OWA
cverports profile

CVE-2026-42897: CVE-2026-42897: Reflected Cross-Site Scripting in Microsoft Exchange Server OWA

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-45369: CVE-2026-45369: OS Command Injection in python-utcp CLI Protocol
cverports profile

CVE-2026-45369: CVE-2026-45369: OS Command Injection in python-utcp CLI Protocol

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-45370: CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses
cverports profile

CVE-2026-45370: CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-45411: CVE-2026-45411: Remote Code Execution via Sandbox Escape in vm2 Async Generator Implementation
cverports profile

CVE-2026-45411: CVE-2026-45411: Remote Code Execution via Sandbox Escape in vm2 Async Generator Implementation

#security #cve #cybersecurity
Comments
2 min read
GHSA-7RX4-C5VX-G8W3: GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers
cverports profile

GHSA-7RX4-C5VX-G8W3: GHSA-7RX4-C5VX-G8W3: Server-Side Request Forgery Bypass in Karakeep Metadata Extraction Workers

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-9M65-766C-R333: GHSA-9M65-766C-R333: Type Confusion in Seroval Leading to Unintended Function Execution in TanStack Start
cverports profile

GHSA-9M65-766C-R333: GHSA-9M65-766C-R333: Type Confusion in Seroval Leading to Unintended Function Execution in TanStack Start

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-7G73-99R4-M4MJ: GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses
cverports profile

GHSA-7G73-99R4-M4MJ: GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-42793: CVE-2026-42793: Unauthenticated Remote Denial of Service in Absinthe GraphQL via Atom Exhaustion
cverports profile

CVE-2026-42793: CVE-2026-42793: Unauthenticated Remote Denial of Service in Absinthe GraphQL via Atom Exhaustion

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-43967: CVE-2026-43967: Denial of Service via Algorithmic Complexity in Absinthe GraphQL Fragment Validation
cverports profile

CVE-2026-43967: CVE-2026-43967: Denial of Service via Algorithmic Complexity in Absinthe GraphQL Fragment Validation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-8178: CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC Driver
cverports profile

CVE-2026-8178: CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC Driver

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-42945: CVE-2026-42945: Heap-based Buffer Overflow in NGINX ngx_http_rewrite_module
cverports profile

CVE-2026-42945: CVE-2026-42945: Heap-based Buffer Overflow in NGINX ngx_http_rewrite_module

#security #cve #cybersecurity
Comments
2 min read
GHSA-VW82-7FV8-R6GP: GHSA-vw82-7fv8-r6gp: Authorization Bypass in Obot MCP Gateway via Insecure Route Configuration
cverports profile

GHSA-VW82-7FV8-R6GP: GHSA-vw82-7fv8-r6gp: Authorization Bypass in Obot MCP Gateway via Insecure Route Configuration

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-V25J-WQCW-FVHJ: GHSA-V25J-WQCW-FVHJ: Uncontrolled Resource Consumption via Unbounded Date Sequences in wger
cverports profile

GHSA-V25J-WQCW-FVHJ: GHSA-V25J-WQCW-FVHJ: Uncontrolled Resource Consumption via Unbounded Date Sequences in wger

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-429Q-FHH4-R6HJ: GHSA-429Q-FHH4-R6HJ: Account Substitution via Discriminator Bypass in Anchor InterfaceAccount
cverports profile

GHSA-429Q-FHH4-R6HJ: GHSA-429Q-FHH4-R6HJ: Account Substitution via Discriminator Bypass in Anchor InterfaceAccount

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-44738: CVE-2026-44738: Grav CMS Twig Sandbox Information Disclosure via Config::toArray()
cverports profile

CVE-2026-44738: CVE-2026-44738: Grav CMS Twig Sandbox Information Disclosure via Config::toArray()

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-45091: CVE-2026-45091: Cleartext TOTP Secret Exposure in sealed-env JWS Tokens
cverports profile

CVE-2026-45091: CVE-2026-45091: Cleartext TOTP Secret Exposure in sealed-env JWS Tokens

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32686: CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal
cverports profile

CVE-2026-32686: CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-43284: CVE-2026-43284: "Dirty Frag" Local Privilege Escalation via Linux Kernel Page Cache Corruption
cverports profile

CVE-2026-43284: CVE-2026-43284: "Dirty Frag" Local Privilege Escalation via Linux Kernel Page Cache Corruption

#security #cve #cybersecurity
Comments
3 min read
loading...