DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
GHSA-H5X8-XP6M-X6Q4: GHSA-H5X8-XP6M-X6Q4: Unvalidated Signature Generation in @jhb.software/payload-cloudinary-plugin
cverports profile

GHSA-H5X8-XP6M-X6Q4: GHSA-H5X8-XP6M-X6Q4: Unvalidated Signature Generation in @jhb.software/payload-cloudinary-plugin

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-G2GW-Q38M-VJFC: GHSA-G2GW-Q38M-VJFC: Server-Side Request Forgery and Bearer Token Exfiltration in @merill/lokka
cverports profile

GHSA-G2GW-Q38M-VJFC: GHSA-G2GW-Q38M-VJFC: Server-Side Request Forgery and Bearer Token Exfiltration in @merill/lokka

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-4XGF-CPJX-PC3J: GHSA-4xgf-cpjx-pc3j: Directory Traversal and Symlink Following in Pydantic Settings
cverports profile

GHSA-4XGF-CPJX-PC3J: GHSA-4xgf-cpjx-pc3j: Directory Traversal and Symlink Following in Pydantic Settings

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-H5RG-8P7F-47G2: GHSA-h5rg-8p7f-47g2: Server-Side Request Forgery (SSRF) in SurrealDB Identity & Access Management (IAM) JWKS Fetcher
cverports profile

GHSA-H5RG-8P7F-47G2: GHSA-h5rg-8p7f-47g2: Server-Side Request Forgery (SSRF) in SurrealDB Identity & Access Management (IAM) JWKS Fetcher

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-CC8F-FCX3-GPJR: GHSA-cc8f-fcx3-gpjr: Arbitrary File Disclosure via DEFINE ANALYZER mapper filter in SurrealDB
cverports profile

GHSA-CC8F-FCX3-GPJR: GHSA-cc8f-fcx3-gpjr: Arbitrary File Disclosure via DEFINE ANALYZER mapper filter in SurrealDB

#security #cve #cybersecurity #ghsa
Comments
1 min read
GHSA-H4H3-3RFJ-X6FQ: GHSA-H4H3-3RFJ-X6FQ: Value-Ordering Oracle Side-Channel via Indexed ORDER BY in SurrealDB
cverports profile

GHSA-H4H3-3RFJ-X6FQ: GHSA-H4H3-3RFJ-X6FQ: Value-Ordering Oracle Side-Channel via Indexed ORDER BY in SurrealDB

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-HV6H-HC26-Q48P: GHSA-HV6H-HC26-Q48P: Field-level SELECT permissions bypassed via graph and reference traversals in SurrealDB
cverports profile

GHSA-HV6H-HC26-Q48P: GHSA-HV6H-HC26-Q48P: Field-level SELECT permissions bypassed via graph and reference traversals in SurrealDB

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JV2J-MQMW-XVV5: GHSA-jv2j-mqmw-xvv5: Stack Overflow Denial of Service in SurrealDB Query Engine
cverports profile

GHSA-JV2J-MQMW-XVV5: GHSA-jv2j-mqmw-xvv5: Stack Overflow Denial of Service in SurrealDB Query Engine

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-869J-R97X-HX2G: GHSA-869J-R97X-HX2G: Local Path Traversal and Cross-Origin Resource Sharing Bypass in Anki Desktop
cverports profile

GHSA-869J-R97X-HX2G: GHSA-869J-R97X-HX2G: Local Path Traversal and Cross-Origin Resource Sharing Bypass in Anki Desktop

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-11769: CVE-2026-11769: Local File Read and Privilege Escalation in Grafana Operator via Jsonnet Evaluation
cverports profile

CVE-2026-11769: CVE-2026-11769: Local File Read and Privilege Escalation in Grafana Operator via Jsonnet Evaluation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53725: CVE-2026-53725: Sensitive Information Disclosure via MFA Re-fetch Bypass in Parse Server
cverports profile

CVE-2026-53725: CVE-2026-53725: Sensitive Information Disclosure via MFA Re-fetch Bypass in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53726: CVE-2026-53726: Authorization Bypass in Parse Server Relation Queries ($relatedTo)
cverports profile

CVE-2026-53726: CVE-2026-53726: Authorization Bypass in Parse Server Relation Queries ($relatedTo)

#security #cve #cybersecurity
Comments
2 min read
GHSA-9GGV-8W38-R7PM: GHSA-9GGV-8W38-R7PM: SQL Injection in TypeORM UpdateQueryBuilder and SoftDeleteQueryBuilder
cverports profile

GHSA-9GGV-8W38-R7PM: GHSA-9GGV-8W38-R7PM: SQL Injection in TypeORM UpdateQueryBuilder and SoftDeleteQueryBuilder

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-C3WQ-J5VH-68RC: GHSA-C3WQ-J5VH-68RC: Hugo Symlink Confinement Bypass in os.ReadFile
cverports profile

GHSA-C3WQ-J5VH-68RC: GHSA-C3WQ-J5VH-68RC: Hugo Symlink Confinement Bypass in os.ReadFile

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-MQQ5-J7W8-2HGH: GHSA-MQQ5-J7W8-2HGH: Missing Authorization in Alchemy CMS API Pages Controller
cverports profile

GHSA-MQQ5-J7W8-2HGH: GHSA-MQQ5-J7W8-2HGH: Missing Authorization in Alchemy CMS API Pages Controller

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WFPW-MMFH-QQ69: GHSA-WFPW-MMFH-QQ69: Use-After-Free Vulnerability in Nokogiri XML Node-Level XInclude Processing
cverports profile

GHSA-WFPW-MMFH-QQ69: GHSA-WFPW-MMFH-QQ69: Use-After-Free Vulnerability in Nokogiri XML Node-Level XInclude Processing

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PHWJ-RPRQ-35PP: GHSA-PHWJ-RPRQ-35PP: Use-After-Free Vulnerability in Nokogiri XML Attribute Value Modification
cverports profile

GHSA-PHWJ-RPRQ-35PP: GHSA-PHWJ-RPRQ-35PP: Use-After-Free Vulnerability in Nokogiri XML Attribute Value Modification

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-VMHF-C436-HXJ4: GHSA-VMHF-C436-HXJ4: Client-side Stored Cross-Site Scripting (XSS) in JupyterLab Extension Manager
cverports profile

GHSA-VMHF-C436-HXJ4: GHSA-VMHF-C436-HXJ4: Client-side Stored Cross-Site Scripting (XSS) in JupyterLab Extension Manager

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JV2H-4P9V-WF5W: GHSA-JV2H-4P9V-WF5W: Arbitrary Remote Code Execution via Incomplete Environment Denylist in Ouroboros AI
cverports profile

GHSA-JV2H-4P9V-WF5W: GHSA-JV2H-4P9V-WF5W: Arbitrary Remote Code Execution via Incomplete Environment Denylist in Ouroboros AI

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-VCV2-R9JH-99M5: GHSA-VCV2-R9JH-99M5: OS Command Injection in agentic-flow MCP Server Tools
cverports profile

GHSA-VCV2-R9JH-99M5: GHSA-VCV2-R9JH-99M5: OS Command Injection in agentic-flow MCP Server Tools

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-12151: CVE-2026-12151: Denial of Service via Uncontrolled Fragment Buffering in Undici WebSocket Client
cverports profile

CVE-2026-12151: CVE-2026-12151: Denial of Service via Uncontrolled Fragment Buffering in Undici WebSocket Client

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer
cverports profile

CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53857: CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy
cverports profile

CVE-2026-53857: CVE-2026-53857: Authentication Bypass via Mutable Display Name Spoofing in OpenClaw allowFrom Policy

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53856: CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery
cverports profile

CVE-2026-53856: CVE-2026-53856: Incorrect Permission Assignment for Critical Resource in OpenClaw Config Recovery

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53844: CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory Search
cverports profile

CVE-2026-53844: CVE-2026-53844: Missing Session Visibility Authorization Bypass in OpenClaw Shared Memory Search

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53860: CVE-2026-53860: Sender Policy Bypass in OpenClaw BlueBubbles Integration
cverports profile

CVE-2026-53860: CVE-2026-53860: Sender Policy Bypass in OpenClaw BlueBubbles Integration

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53853: CVE-2026-53853: Protection Mechanism Bypass and Incorrect Authorization in OpenClaw Execution Gateway
cverports profile

CVE-2026-53853: CVE-2026-53853: Protection Mechanism Bypass and Incorrect Authorization in OpenClaw Execution Gateway

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53846: CVE-2026-53846: Arbitrary Command Execution via Workspace .env Hijacking in OpenClaw
cverports profile

CVE-2026-53846: CVE-2026-53846: Arbitrary Command Execution via Workspace .env Hijacking in OpenClaw

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53850: CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope Enforcement
cverports profile

CVE-2026-53850: CVE-2026-53850: Missing Authorization in OpenClaw focus Command Control Scope Enforcement

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53849: CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display Names in OpenClaw allowFrom
cverports profile

CVE-2026-53849: CVE-2026-53849: Privilege Escalation and Authentication Bypass via Mutable Discord Display Names in OpenClaw allowFrom

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53858: CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw
cverports profile

CVE-2026-53858: CVE-2026-53858: Local Code Execution via Untrusted Search Path in OpenClaw

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53865: CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search Path
cverports profile

CVE-2026-53865: CVE-2026-53865: Arbitrary Local Command Execution in OpenClaw via Untrusted Search Path

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53852: CVE-2026-53852: Scope Containment Bypass in OpenClaw Device Re-pairing
cverports profile

CVE-2026-53852: CVE-2026-53852: Scope Containment Bypass in OpenClaw Device Re-pairing

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53854: CVE-2026-53854: Privilege Escalation via Wildcard Authorization Inheritance in OpenClaw
cverports profile

CVE-2026-53854: CVE-2026-53854: Privilege Escalation via Wildcard Authorization Inheritance in OpenClaw

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-0755: CVE-2026-0755: Remote Code Execution and Arbitrary File Exfiltration in gemini-mcp-tool
cverports profile

CVE-2026-0755: CVE-2026-0755: Remote Code Execution and Arbitrary File Exfiltration in gemini-mcp-tool

#security #cve #cybersecurity
Comments
2 min read
GHSA-G7M4-839X-CH6V: GHSA-g7m4-839x-ch6v: Denial of Service via Unbounded Digits Parameter in spomky-labs/otphp
cverports profile

GHSA-G7M4-839X-CH6V: GHSA-g7m4-839x-ch6v: Denial of Service via Unbounded Digits Parameter in spomky-labs/otphp

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-2JX3-65F3-XR8R: GHSA-2JX3-65F3-XR8R: Dynamic Property Injection (Mass Assignment) in spomky-labs/otphp
cverports profile

GHSA-2JX3-65F3-XR8R: GHSA-2JX3-65F3-XR8R: Dynamic Property Injection (Mass Assignment) in spomky-labs/otphp

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6VVH-PXR4-25R7: GHSA-6vvh-pxr4-25r7: Cryptographic Integrity Degradation in JWT Framework ChaCha20-Poly1305 Key Encryption
cverports profile

GHSA-6VVH-PXR4-25R7: GHSA-6vvh-pxr4-25r7: Cryptographic Integrity Degradation in JWT Framework ChaCha20-Poly1305 Key Encryption

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-3PRJ-6HQW-CM82: GHSA-3PRJ-6HQW-CM82: CPU Amplification Denial of Service in web-token JWT Library
cverports profile

GHSA-3PRJ-6HQW-CM82: GHSA-3PRJ-6HQW-CM82: CPU Amplification Denial of Service in web-token JWT Library

#security #cve #cybersecurity #ghsa
Comments
3 min read
GHSA-JC38-X7X8-2XC8: GHSA-jc38-x7x8-2xc8: Algorithm Confusion and Header Override Vulnerability in PHP JWT Framework
cverports profile

GHSA-JC38-X7X8-2XC8: GHSA-jc38-x7x8-2xc8: Algorithm Confusion and Header Override Vulnerability in PHP JWT Framework

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5739-39V2-5754: GHSA-5739-39V2-5754: Bleichenbacher / Marvin Padding Oracle in PHP JWE Decryption (RSAES-PKCS1-v1_5)
cverports profile

GHSA-5739-39V2-5754: GHSA-5739-39V2-5754: Bleichenbacher / Marvin Padding Oracle in PHP JWE Decryption (RSAES-PKCS1-v1_5)

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GFJ5-979R-92PW: GHSA-GFJ5-979R-92PW: Unauthenticated Authentication Bypass in @acastellon/auth via Header Spoofing
cverports profile

GHSA-GFJ5-979R-92PW: GHSA-GFJ5-979R-92PW: Unauthenticated Authentication Bypass in @acastellon/auth via Header Spoofing

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QQF5-X7MJ-V43P: GHSA-QQF5-X7MJ-V43P: SQL Injection Vulnerabilities in Budibase Database Connectors
cverports profile

GHSA-QQF5-X7MJ-V43P: GHSA-QQF5-X7MJ-V43P: SQL Injection Vulnerabilities in Budibase Database Connectors

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-2JQ4-Q6VV-4CP3: GHSA-2JQ4-Q6VV-4CP3: Arbitrary File Write via Path Traversal in Crawl4AI Downloads
cverports profile

GHSA-2JQ4-Q6VV-4CP3: GHSA-2JQ4-Q6VV-4CP3: Arbitrary File Write via Path Traversal in Crawl4AI Downloads

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-R253-R9JW-QG44: GHSA-R253-R9JW-QG44: Unauthenticated Remote Code Execution in Crawl4AI via Chromium Launch-Argument Injection
cverports profile

GHSA-R253-R9JW-QG44: GHSA-R253-R9JW-QG44: Unauthenticated Remote Code Execution in Crawl4AI via Chromium Launch-Argument Injection

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WM69-2PC3-RMMF: GHSA-wm69-2pc3-rmmf: Unauthenticated Server-Side Request Forgery in Crawl4AI Docker Streaming Crawl Path
cverports profile

GHSA-WM69-2PC3-RMMF: GHSA-wm69-2pc3-rmmf: Unauthenticated Server-Side Request Forgery in Crawl4AI Docker Streaming Crawl Path

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-12565: CVE-2026-12565: Arbitrary File Write via Path Traversal in BBOT unarchive Module
cverports profile

CVE-2026-12565: CVE-2026-12565: Arbitrary File Write via Path Traversal in BBOT unarchive Module

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-12566: CVE-2026-12566: Server-Side Request Forgery (SSRF) in Black Lantern Security BBOT docker_pull Module
cverports profile

CVE-2026-12566: CVE-2026-12566: Server-Side Request Forgery (SSRF) in Black Lantern Security BBOT docker_pull Module

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-12568: CVE-2026-12568: Path Traversal and Arbitrary File Write in BBOT postman_download Module
cverports profile

CVE-2026-12568: CVE-2026-12568: Path Traversal and Arbitrary File Write in BBOT postman_download Module

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-12567: CVE-2026-12567: Symlink Following Vulnerability in BBOT github_workflows Module
cverports profile

CVE-2026-12567: CVE-2026-12567: Symlink Following Vulnerability in BBOT github_workflows Module

#security #cve #cybersecurity
Comments
2 min read
GHSA-47QP-HQVX-6R3F: GHSA-47QP-HQVX-6R3F: Remote Memory Exhaustion (Denial of Service) in JLine3 Telnet Server
cverports profile

GHSA-47QP-HQVX-6R3F: GHSA-47QP-HQVX-6R3F: Remote Memory Exhaustion (Denial of Service) in JLine3 Telnet Server

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-49975: CVE-2026-49975: Remote Denial of Service via HTTP/2 HPACK Cookie Memory Amplification in Apache HTTP Server
cverports profile

CVE-2026-49975: CVE-2026-49975: Remote Denial of Service via HTTP/2 HPACK Cookie Memory Amplification in Apache HTTP Server

#security #cve #cybersecurity
Comments
3 min read
CVE-2026-5038: CVE-2026-5038: Denial of Service via Incomplete File Cleanup in Multer diskStorage Engine
cverports profile

CVE-2026-5038: CVE-2026-5038: Denial of Service via Incomplete File Cleanup in Multer diskStorage Engine

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-5079: CVE-2026-5079: Denial of Service via Uncontrolled Resource Consumption in Multer Multipart Parser
cverports profile

CVE-2026-5079: CVE-2026-5079: Denial of Service via Uncontrolled Resource Consumption in Multer Multipart Parser

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-9595: CVE-2026-9595: WebSocket Proxying Vulnerability in webpack-dev-server leading to Host/Origin Validation Bypass
cverports profile

CVE-2026-9595: CVE-2026-9595: WebSocket Proxying Vulnerability in webpack-dev-server leading to Host/Origin Validation Bypass

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-53840: CVE-2026-53840: Sensitive Header Leakage via Cross-Origin Redirects in OpenClaw MCP Servers
cverports profile

CVE-2026-53840: CVE-2026-53840: Sensitive Header Leakage via Cross-Origin Redirects in OpenClaw MCP Servers

#security #cve #cybersecurity
Comments
2 min read
GHSA-8JR5-V98P-W75M: GHSA-8JR5-V98P-W75M: Perception Desynchronization via Unnormalized EXIF Orientation and PNG Transparency in vLLM
cverports profile

GHSA-8JR5-V98P-W75M: GHSA-8JR5-V98P-W75M: Perception Desynchronization via Unnormalized EXIF Orientation and PNG Transparency in vLLM

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-664H-GPGQ-H6XX: GHSA-664h-gpgq-h6xx: Privilege Escalation via Broken Authorization in n8n Evaluation Test Runs Controller
cverports profile

GHSA-664H-GPGQ-H6XX: GHSA-664h-gpgq-h6xx: Privilege Escalation via Broken Authorization in n8n Evaluation Test Runs Controller

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JWM3-QCFW-C5PP: GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator
cverports profile

GHSA-JWM3-QCFW-C5PP: GHSA-jwm3-qcfw-c5pp: Security Bypass in n8n Python Code Node AST Validator

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-H3JJ-5F3V-3685: GHSA-H3JJ-5F3V-3685: Public API Execution Retry Authorization Bypass in n8n
cverports profile

GHSA-H3JJ-5F3V-3685: GHSA-H3JJ-5F3V-3685: Public API Execution Retry Authorization Bypass in n8n

#security #cve #cybersecurity #ghsa
Comments
2 min read
loading...