DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
CVE-2026-33202: CVE-2026-33202: Glob Injection and Arbitrary File Deletion in Rails Active Storage
cverports profile

CVE-2026-33202: CVE-2026-33202: Glob Injection and Arbitrary File Deletion in Rails Active Storage

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33176: CVE-2026-33176: Denial of Service via Scientific Notation in Rails Active Support Number Helpers
cverports profile

CVE-2026-33176: CVE-2026-33176: Denial of Service via Scientific Notation in Rails Active Support Number Helpers

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33167: CVE-2026-33167: Cross-Site Scripting (XSS) in Ruby on Rails Action Pack Debug Exceptions
cverports profile

CVE-2026-33167: CVE-2026-33167: Cross-Site Scripting (XSS) in Ruby on Rails Action Pack Debug Exceptions

#security #cve #cybersecurity
Comments
2 min read
GHSA-Q5PR-72PQ-83V3: GHSA-Q5PR-72PQ-83V3: Unbounded Chunked Cookie Count Denial of Service in h3
cverports profile

GHSA-Q5PR-72PQ-83V3: GHSA-Q5PR-72PQ-83V3: Unbounded Chunked Cookie Count Denial of Service in h3

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-FP4X-GGRF-WMC6: GHSA-FP4X-GGRF-WMC6: Open Redirect via Protocol-Relative Paths in UnJS H3
cverports profile

GHSA-FP4X-GGRF-WMC6: GHSA-FP4X-GGRF-WMC6: Open Redirect via Protocol-Relative Paths in UnJS H3

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-32278: CVE-2026-32278: Stored Cross-Site Scripting (XSS) via Unrestricted File Upload in Connect-CMS
cverports profile

CVE-2026-32278: CVE-2026-32278: Stored Cross-Site Scripting (XSS) via Unrestricted File Upload in Connect-CMS

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30849: CVE-2026-30849: Authentication Bypass via Type Juggling in MantisBT SOAP API
cverports profile

CVE-2026-30849: CVE-2026-30849: Authentication Bypass via Type Juggling in MantisBT SOAP API

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30886: CVE-2026-30886: Insecure Direct Object Reference in QuantumNous New API Video Proxy
cverports profile

CVE-2026-30886: CVE-2026-30886: Insecure Direct Object Reference in QuantumNous New API Video Proxy

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33499: CVE-2026-33499: Reflected Cross-Site Scripting in WWBN AVideo Password Forms
cverports profile

CVE-2026-33499: CVE-2026-33499: Reflected Cross-Site Scripting in WWBN AVideo Password Forms

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33513: CVE-2026-33513: Unauthenticated Local File Inclusion in WWBN AVideo API Plugin
cverports profile

CVE-2026-33513: CVE-2026-33513: Unauthenticated Local File Inclusion in WWBN AVideo API Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33500: CVE-2026-33500: Stored Cross-Site Scripting via Markdown Parsing Bypass in WWBN AVideo
cverports profile

CVE-2026-33500: CVE-2026-33500: Stored Cross-Site Scripting via Markdown Parsing Bypass in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33501: CVE-2026-33501: Missing Authorization Information Disclosure in WWBN AVideo Permissions Plugin
cverports profile

CVE-2026-33501: CVE-2026-33501: Missing Authorization Information Disclosure in WWBN AVideo Permissions Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33507: CVE-2026-33507: Remote Code Execution via Cross-Site Request Forgery in WWBN AVideo
cverports profile

CVE-2026-33507: CVE-2026-33507: Remote Code Execution via Cross-Site Request Forgery in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33502: CVE-2026-33502: Unauthenticated SSRF and Command Injection in WWBN AVideo
cverports profile

CVE-2026-33502: CVE-2026-33502: Unauthenticated SSRF and Command Injection in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-55988: CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core
cverports profile

CVE-2025-55988: CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core

#security #cve #cybersecurity
Comments
2 min read
GHSA-F67F-HCR6-94MF: GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows
cverports profile

GHSA-F67F-HCR6-94MF: GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PWJX-QHCG-RVJ4: GHSA-pwjx-qhcg-rvj4: Certificate Revocation Bypass via Iterator Exhaustion in rustls-webpki
cverports profile

GHSA-PWJX-QHCG-RVJ4: GHSA-pwjx-qhcg-rvj4: Certificate Revocation Bypass via Iterator Exhaustion in rustls-webpki

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-MWJC-5J4X-R686: CVE-2025-34433: Unauthenticated Remote Code Execution via Cryptographic Failures in AVideo
cverports profile

GHSA-MWJC-5J4X-R686: CVE-2025-34433: Unauthenticated Remote Code Execution via Cryptographic Failures in AVideo

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-8FW8-Q79C-FP9M: GHSA-8FW8-Q79C-FP9M: Unauthenticated Local File Inclusion and Remote Code Execution in AVideo API
cverports profile

GHSA-8FW8-Q79C-FP9M: GHSA-8FW8-Q79C-FP9M: Unauthenticated Local File Inclusion and Remote Code Execution in AVideo API

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-X49Q-FHHM-R9JF: GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw
cverports profile

GHSA-X49Q-FHHM-R9JF: GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-32305: CVE-2026-32305: Mutual TLS Bypass via Fragmented ClientHello in Traefik
cverports profile

CVE-2026-32305: CVE-2026-32305: Mutual TLS Bypass via Fragmented ClientHello in Traefik

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33055: CVE-2026-33055: Parser Differential and Archive Smuggling in Rust tar-rs
cverports profile

CVE-2026-33055: CVE-2026-33055: Parser Differential and Archive Smuggling in Rust tar-rs

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33056: CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs
cverports profile

CVE-2026-33056: CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33312: CVE-2026-33312: Broken Object-Level Authorization (BOLA) in Vikunja Project Background Deletion
cverports profile

CVE-2026-33312: CVE-2026-33312: Broken Object-Level Authorization (BOLA) in Vikunja Project Background Deletion

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32595: CVE-2026-32595: Information Disclosure via Timing Attack in Traefik BasicAuth
cverports profile

CVE-2026-32595: CVE-2026-32595: Information Disclosure via Timing Attack in Traefik BasicAuth

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32701: CVE-2026-32701: Array Method Pollution and Denial of Service in Qwik City Middleware
cverports profile

CVE-2026-32701: CVE-2026-32701: Array Method Pollution and Denial of Service in Qwik City Middleware

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32711: CVE-2026-32711: Path Traversal and Arbitrary File Operations in pydicom FileSet
cverports profile

CVE-2026-32711: CVE-2026-32711: Path Traversal and Arbitrary File Operations in pydicom FileSet

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29794: CVE-2026-29794: Rate Limit Bypass via IP Spoofing in Vikunja
cverports profile

CVE-2026-29794: CVE-2026-29794: Rate Limit Bypass via IP Spoofing in Vikunja

#security #cve #cybersecurity
Comments
2 min read
CVE-2024-6485: CVE-2024-6485: Cross-Site Scripting (XSS) in Bootstrap 3 Button Plugin
cverports profile

CVE-2024-6485: CVE-2024-6485: Cross-Site Scripting (XSS) in Bootstrap 3 Button Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-3709: CVE-2025-3709: Critical Account Lockout Bypass in Flowring Agentflow 4.0
cverports profile

CVE-2025-3709: CVE-2025-3709: Critical Account Lockout Bypass in Flowring Agentflow 4.0

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-21666: CVE-2026-21666: Authenticated Remote Code Execution in Veeam Backup & Replication
cverports profile

CVE-2026-21666: CVE-2026-21666: Authenticated Remote Code Execution in Veeam Backup & Replication

#security #cve #cybersecurity
Comments
2 min read
GHSA-2MHW-8QCG-GR96: GHSA-2mhw-8qcg-gr96: Supply Chain RCE in skia-python via Vendored libfreetype (CVE-2025-27363)
cverports profile

GHSA-2MHW-8QCG-GR96: GHSA-2mhw-8qcg-gr96: Supply Chain RCE in skia-python via Vendored libfreetype (CVE-2025-27363)

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-26931: CVE-2026-26931: Denial of Service via Decompression Bomb in Elastic Metricbeat Prometheus remote_write
cverports profile

CVE-2026-26931: CVE-2026-26931: Denial of Service via Decompression Bomb in Elastic Metricbeat Prometheus remote_write

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26933: CVE-2026-26933: Improper Validation of Array Index in Elastic Packetbeat Leading to Denial of Service
cverports profile

CVE-2026-26933: CVE-2026-26933: Improper Validation of Array Index in Elastic Packetbeat Leading to Denial of Service

#security #cve #cybersecurity
Comments
2 min read
GHSA-WGH7-7M3C-FX25: GHSA-WGH7-7M3C-FX25: Uncontrolled Recursion leading to Denial of Service in Scriban Parser
cverports profile

GHSA-WGH7-7M3C-FX25: GHSA-WGH7-7M3C-FX25: Uncontrolled Recursion leading to Denial of Service in Scriban Parser

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GRR9-747V-XVCP: GHSA-GRR9-747V-XVCP: Uncontrolled Recursion in Scriban Templates Leads to Denial of Service
cverports profile

GHSA-GRR9-747V-XVCP: GHSA-GRR9-747V-XVCP: Uncontrolled Recursion in Scriban Templates Leads to Denial of Service

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5RPF-X9JG-8J5P: GHSA-5RPF-X9JG-8J5P: Denial of Service via Memory Exhaustion in Scriban
cverports profile

GHSA-5RPF-X9JG-8J5P: GHSA-5RPF-X9JG-8J5P: Denial of Service via Memory Exhaustion in Scriban

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2025-66376: CVE-2025-66376: Stored Cross-Site Scripting via CSS @import in Zimbra ZCS Classic UI
cverports profile

CVE-2025-66376: CVE-2025-66376: Stored Cross-Site Scripting via CSS @import in Zimbra ZCS Classic UI

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-4428: CVE-2026-4428: Improper Check for Certificate Revocation in AWS-LC
cverports profile

CVE-2026-4428: CVE-2026-4428: Improper Check for Certificate Revocation in AWS-LC

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3029: CVE-2026-3029: Arbitrary File Write via Path Traversal in PyMuPDF CLI
cverports profile

CVE-2026-3029: CVE-2026-3029: Arbitrary File Write via Path Traversal in PyMuPDF CLI

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32694: CVE-2026-32694: Authorization Bypass via Predictable Identifiers and Confused Deputy in Canonical Juju
cverports profile

CVE-2026-32694: CVE-2026-32694: Authorization Bypass via Predictable Identifiers and Confused Deputy in Canonical Juju

#security #cve #cybersecurity
Comments
2 min read
GHSA-Q382-VC8Q-7JHJ: GHSA-Q382-VC8Q-7JHJ: JSON Key Collusion via Null Byte Injection in Model Context Protocol Go SDK
cverports profile

GHSA-Q382-VC8Q-7JHJ: GHSA-Q382-VC8Q-7JHJ: JSON Key Collusion via Null Byte Injection in Model Context Protocol Go SDK

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-W5FF-2MJC-4PHC: GHSA-w5ff-2mjc-4phc: OS Command Injection in AVideo SocialMediaPublisher Plugin
cverports profile

GHSA-W5FF-2MJC-4PHC: GHSA-w5ff-2mjc-4phc: OS Command Injection in AVideo SocialMediaPublisher Plugin

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5X2W-37XF-7962: GHSA-5X2W-37XF-7962: Unauthenticated PGP Decryption and Resource Exhaustion in AVideo
cverports profile

GHSA-5X2W-37XF-7962: GHSA-5X2W-37XF-7962: Unauthenticated PGP Decryption and Resource Exhaustion in AVideo

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-4FCP-JXH7-23X8: GHSA-4FCP-JXH7-23X8: Unbounded YAML Alias Expansion Denial of Service in Dasel
cverports profile

GHSA-4FCP-JXH7-23X8: GHSA-4FCP-JXH7-23X8: Unbounded YAML Alias Expansion Denial of Service in Dasel

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WVR4-3WQ4-GPC5: GHSA-wvr4-3wq4-gpc5: Unauthenticated Remote Code Execution in MCP Connect /bridge Endpoint
cverports profile

GHSA-WVR4-3WQ4-GPC5: GHSA-wvr4-3wq4-gpc5: Unauthenticated Remote Code Execution in MCP Connect /bridge Endpoint

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QVC2-MG72-JJHX: GHSA-qvc2-mg72-jjhx: Mutation XSS (mXSS) in justhtml HTML Serializer
cverports profile

GHSA-QVC2-MG72-JJHX: GHSA-qvc2-mg72-jjhx: Mutation XSS (mXSS) in justhtml HTML Serializer

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-20963: CVE-2026-20963: Remote Code Execution via Insecure Deserialization in Microsoft SharePoint
cverports profile

CVE-2026-20963: CVE-2026-20963: Remote Code Execution via Insecure Deserialization in Microsoft SharePoint

#security #cve #cybersecurity
Comments
2 min read
GHSA-3RCM-VJRC-P45J: GHSA-3rcm-vjrc-p45j: JustHTML Sanitizer Bypass in Markdown Serialization
cverports profile

GHSA-3RCM-VJRC-P45J: GHSA-3rcm-vjrc-p45j: JustHTML Sanitizer Bypass in Markdown Serialization

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-46FP-8F5P-PF2M: GHSA-46fp-8f5p-pf2m: XSS Filter Bypass via Improper HTML Entity Decoding in Loofah allowed_uri?
cverports profile

GHSA-46FP-8F5P-PF2M: GHSA-46fp-8f5p-pf2m: XSS Filter Bypass via Improper HTML Entity Decoding in Loofah allowed_uri?

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-6G7G-W4F8-9C9X: GHSA-6G7G-W4F8-9C9X: Denial of Service via Negative Slice Index in github.com/buger/jsonparser
cverports profile

GHSA-6G7G-W4F8-9C9X: GHSA-6G7G-W4F8-9C9X: Denial of Service via Negative Slice Index in github.com/buger/jsonparser

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JQCQ-XJH3-6G23: GHSA-JQCQ-XJH3-6G23: Denial of Service via Unbounded Allocation in pgproto3
cverports profile

GHSA-JQCQ-XJH3-6G23: GHSA-JQCQ-XJH3-6G23: Denial of Service via Unbounded Allocation in pgproto3

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-786Q-9HCG-V9FF: CVE-2025-55190: Critical Information Disclosure in Argo CD Project API
cverports profile

GHSA-786Q-9HCG-V9FF: CVE-2025-55190: Critical Information Disclosure in Argo CD Project API

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32256: CVE-2026-32256: Infinite Loop Denial of Service in music-metadata ASF Parser
cverports profile

CVE-2026-32256: CVE-2026-32256: Infinite Loop Denial of Service in music-metadata ASF Parser

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-4270: CVE-2026-4270: Local File Access Restriction Bypass in AWS API MCP Server
cverports profile

CVE-2026-4270: CVE-2026-4270: Local File Access Restriction Bypass in AWS API MCP Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-4269: CVE-2026-4269: Remote Code Execution via S3 Bucket Squatting in AWS Bedrock AgentCore Starter Toolkit
cverports profile

CVE-2026-4269: CVE-2026-4269: Remote Code Execution via S3 Bucket Squatting in AWS Bedrock AgentCore Starter Toolkit

#security #cve #cybersecurity
Comments
2 min read
GHSA-4MX9-3C2H-HWHG: GHSA-4MX9-3C2H-HWHG: Reflected Cross-Site Scripting via Incomplete SVG Sanitization Bypass in SiYuan
cverports profile

GHSA-4MX9-3C2H-HWHG: GHSA-4MX9-3C2H-HWHG: Reflected Cross-Site Scripting via Incomplete SVG Sanitization Bypass in SiYuan

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-43W5-MMXV-CPVH: GHSA-43W5-MMXV-CPVH: Denial of Service via Infinite Loop in Micronaut Data Binding
cverports profile

GHSA-43W5-MMXV-CPVH: GHSA-43W5-MMXV-CPVH: Denial of Service via Infinite Loop in Micronaut Data Binding

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-VVP9-7P8X-RFVV: GHSA-VVP9-7P8X-RFVV: Information Leak via Out-of-Bounds Read in lz4_flex
cverports profile

GHSA-VVP9-7P8X-RFVV: GHSA-VVP9-7P8X-RFVV: Information Leak via Out-of-Bounds Read in lz4_flex

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-9W88-79F8-M3VP: GHSA-9W88-79F8-M3VP: Insecure Trailer Handling Allows HTTP Header Injection in ewe
cverports profile

GHSA-9W88-79F8-M3VP: GHSA-9W88-79F8-M3VP: Insecure Trailer Handling Allows HTTP Header Injection in ewe

#security #cve #cybersecurity #ghsa
Comments
2 min read
loading...