DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
CVE-2026-49866: CVE-2026-49866: CPU-Based Denial of Service in @libp2p/gossipsub Protobuf Parser

CVE-2026-49866: CVE-2026-49866: CPU-Based Denial of Service in @libp2p/gossipsub Protobuf Parser

Comments
1 min read
CVE-2026-49858: CVE-2026-49858: Cross-User Attribute and Relation Leak in API Platform Core Serializers

CVE-2026-49858: CVE-2026-49858: Cross-User Attribute and Relation Leak in API Platform Core Serializers

Comments
2 min read
CVE-2026-5078: CVE-2026-5078: Log Forging and Injection via :remote-user Token in Morgan Logging Middleware

CVE-2026-5078: CVE-2026-5078: Log Forging and Injection via :remote-user Token in Morgan Logging Middleware

Comments
3 min read
CVE-2026-48861: CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861: CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

Comments
3 min read
CVE-2026-49753: CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

CVE-2026-49753: CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

Comments
2 min read
CVE-2026-49754: CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

CVE-2026-49754: CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

Comments
2 min read
CVE-2026-48596: CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596: CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

Comments
2 min read
CVE-2026-48594: CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

CVE-2026-48594: CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

Comments
2 min read
CVE-2026-48595: CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

CVE-2026-48595: CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

Comments
2 min read
CVE-2026-48597: CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

CVE-2026-48597: CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

Comments
2 min read
CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

Comments
2 min read
CVE-2026-49851: CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

CVE-2026-49851: CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

Comments
2 min read
CVE-2026-48862: CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

CVE-2026-48862: CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

Comments
2 min read
CVE-2026-52778: CVE-2026-52778: Unauthenticated Remote Code Execution and ReDoS in YesWiki Bazar Formula Calculator

CVE-2026-52778: CVE-2026-52778: Unauthenticated Remote Code Execution and ReDoS in YesWiki Bazar Formula Calculator

Comments
2 min read
CVE-2026-54651: CVE-2026-54651: Infinite Loop Vulnerability in pypdf Article Thread Parser

CVE-2026-54651: CVE-2026-54651: Infinite Loop Vulnerability in pypdf Article Thread Parser

Comments
2 min read
GHSA-387M-935M-C4VW: GHSA-387m-935m-c4vw: Unbounded HTTP Redirections Enable Infinite Loop Denial of Service in Micronaut HTTP Client

GHSA-387M-935M-C4VW: GHSA-387m-935m-c4vw: Unbounded HTTP Redirections Enable Infinite Loop Denial of Service in Micronaut HTTP Client

Comments
2 min read
GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

Comments
2 min read
GHSA-52VM-MXX8-F227: GHSA-52vm-mxx8-f227: Arbitrary File Write and Decompression Denial of Service in phantom-audio

GHSA-52VM-MXX8-F227: GHSA-52vm-mxx8-f227: Arbitrary File Write and Decompression Denial of Service in phantom-audio

Comments
2 min read
GHSA-C43V-4CR8-6MVP: GHSA-C43V-4CR8-6MVP: Authenticated Path Traversal in Craft CMS Asset Icon Helper

GHSA-C43V-4CR8-6MVP: GHSA-C43V-4CR8-6MVP: Authenticated Path Traversal in Craft CMS Asset Icon Helper

Comments
2 min read
GHSA-86VW-X4WW-X467: CVE-2026-56382: Remote Code Execution in Craft CMS via Yii2 Event Handler Injection

GHSA-86VW-X4WW-X467: CVE-2026-56382: Remote Code Execution in Craft CMS via Yii2 Event Handler Injection

Comments
2 min read
GHSA-382C-VX95-W3P5: GHSA-382C-VX95-W3P5: Missing Access Control on Profile Endpoint and MCP Tool in Gittensory

GHSA-382C-VX95-W3P5: GHSA-382C-VX95-W3P5: Missing Access Control on Profile Endpoint and MCP Tool in Gittensory

Comments
2 min read
CVE-2026-53634: CVE-2026-53634: Missing Authorization in Code16 Sharp Quick Creation Command Controller

CVE-2026-53634: CVE-2026-53634: Missing Authorization in Code16 Sharp Quick Creation Command Controller

Comments
2 min read
CVE-2026-49471: CVE-2026-49471: Unauthenticated Remote Code Execution in Serena MCP Toolkit via DNS Rebinding and Memory Poisoning

CVE-2026-49471: CVE-2026-49471: Unauthenticated Remote Code Execution in Serena MCP Toolkit via DNS Rebinding and Memory Poisoning

Comments
3 min read
GHSA-MXWC-WH95-PW4G: GHSA-MXWC-WH95-PW4G: Denial of Service via Uncontrolled Recursion in Trapster DNS Parser

GHSA-MXWC-WH95-PW4G: GHSA-MXWC-WH95-PW4G: Denial of Service via Uncontrolled Recursion in Trapster DNS Parser

Comments
1 min read
GHSA-Q95X-7G78-RCCV: GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

GHSA-Q95X-7G78-RCCV: GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

Comments
2 min read
CVE-2026-53359: CVE-2026-53359: Use-After-Free in Linux Kernel KVM Shadow MMU (Januscape)

CVE-2026-53359: CVE-2026-53359: Use-After-Free in Linux Kernel KVM Shadow MMU (Januscape)

Comments
3 min read
CVE-2026-48282: CVE-2026-48282: Unauthenticated Path Traversal and Arbitrary File Write in Adobe ColdFusion Remote Development Services

CVE-2026-48282: CVE-2026-48282: Unauthenticated Path Traversal and Arbitrary File Write in Adobe ColdFusion Remote Development Services

Comments
2 min read
GHSA-GQ4G-FPC9-VJFQ: GHSA-gq4g-fpc9-vjfq: Username Enumeration via Predictable Decoy Credentials in web-auth/webauthn-lib

GHSA-GQ4G-FPC9-VJFQ: GHSA-gq4g-fpc9-vjfq: Username Enumeration via Predictable Decoy Credentials in web-auth/webauthn-lib

Comments
2 min read
GHSA-CWV4-H3J5-W3CF: GHSA-CWV4-H3J5-W3CF: Stored and Reflected Cross-Site Scripting in rama's Directory Listing Component

GHSA-CWV4-H3J5-W3CF: GHSA-CWV4-H3J5-W3CF: Stored and Reflected Cross-Site Scripting in rama's Directory Listing Component

Comments
2 min read
GHSA-Q855-8RH5-JFGQ: GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

GHSA-Q855-8RH5-JFGQ: GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

Comments
3 min read
GHSA-F66Q-9RF6-8795: GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

GHSA-F66Q-9RF6-8795: GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

Comments
2 min read
CVE-2026-50127: CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

CVE-2026-50127: CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

Comments
2 min read
GHSA-86J7-9J95-VPQJ: GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

GHSA-86J7-9J95-VPQJ: GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

Comments
2 min read
GHSA-9H47-PQCX-HJR4: GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

GHSA-9H47-PQCX-HJR4: GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

Comments
2 min read
GHSA-2VG6-77G8-24MP: GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

GHSA-2VG6-77G8-24MP: GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

Comments
2 min read
GHSA-J8V8-G9CX-5QF4: GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

GHSA-J8V8-G9CX-5QF4: GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

Comments
2 min read
GHSA-FQF6-GXHH-2XHW: GHSA-FQF6-GXHH-2XHW: Silent Data Loss and Behavioral Mismatch in uutils coreutils Backup Logic

GHSA-FQF6-GXHH-2XHW: GHSA-FQF6-GXHH-2XHW: Silent Data Loss and Behavioral Mismatch in uutils coreutils Backup Logic

Comments
2 min read
CVE-2025-46571: CVE-2025-46571: Stored Cross-Site Scripting (XSS) in Open WebUI

CVE-2025-46571: CVE-2025-46571: Stored Cross-Site Scripting (XSS) in Open WebUI

Comments
2 min read
CVE-2025-46719: CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

CVE-2025-46719: CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

Comments
2 min read
CVE-2026-26192: CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

CVE-2026-26192: CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

Comments
2 min read
CVE-2026-26193: CVE-2026-26193: Stored XSS via iFrame Embeds in Open WebUI Response Messages

CVE-2026-26193: CVE-2026-26193: Stored XSS via iFrame Embeds in Open WebUI Response Messages

Comments
2 min read
CVE-2026-34225: CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

CVE-2026-34225: CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

Comments
2 min read
GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

Comments
2 min read
CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

Comments
2 min read
CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

Comments
2 min read
CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Comments
2 min read
GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

Comments
2 min read
GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

Comments
2 min read
CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

Comments
2 min read
CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

Comments
2 min read
CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

Comments
2 min read
CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

Comments
2 min read
CVE-2026-35366: CVE-2026-35366: Security Inspection Bypass in uutils coreutils printenv via non-UTF-8 Environment Variables

CVE-2026-35366: CVE-2026-35366: Security Inspection Bypass in uutils coreutils printenv via non-UTF-8 Environment Variables

Comments
2 min read
GHSA-X76W-8C62-48MG: GHSA-X76W-8C62-48MG: Missing Authorization in Craft CMS AssetsController Leads to Private Asset Disclosure

GHSA-X76W-8C62-48MG: GHSA-X76W-8C62-48MG: Missing Authorization in Craft CMS AssetsController Leads to Private Asset Disclosure

Comments
2 min read
CVE-2026-35371: CVE-2026-35371: Logical Identity Spoofing in uutils coreutils id Utility

CVE-2026-35371: CVE-2026-35371: Logical Identity Spoofing in uutils coreutils id Utility

Comments
2 min read
CVE-2026-35339: CVE-2026-35339: Incorrect Exit Status Propagation in Rust uutils/coreutils chmod Recursive Execution

CVE-2026-35339: CVE-2026-35339: Incorrect Exit Status Propagation in Rust uutils/coreutils chmod Recursive Execution

Comments
2 min read
CVE-2026-35338: CVE-2026-35338: Path Validation Bypass in uutils/coreutils chmod --preserve-root Option

CVE-2026-35338: CVE-2026-35338: Path Validation Bypass in uutils/coreutils chmod --preserve-root Option

Comments
2 min read
GHSA-7JVP-HJ45-2F2M: GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

GHSA-7JVP-HJ45-2F2M: GHSA-7jvp-hj45-2f2m: Scriban Template Writes to Arbitrary CLR Properties via TypedObjectAccessor

Comments
2 min read
CVE-2022-46292: CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser

CVE-2022-46292: CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser

Comments
2 min read
CVE-2026-48276: CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion

CVE-2026-48276: CVE-2026-48276: Unrestricted File Upload in Adobe ColdFusion

Comments
2 min read
loading...