DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
CVE-2026-25611: CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server
cverports profile

CVE-2026-25611: CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30852: CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp
cverports profile

CVE-2026-30852: CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30855: CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora
cverports profile

CVE-2026-30855: CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30856: CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora
cverports profile

CVE-2026-30856: CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30857: CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora
cverports profile

CVE-2026-30857: CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30858: CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora
cverports profile

CVE-2026-30858: CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30859: CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora
cverports profile

CVE-2026-30859: CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30860: CVE-2026-30860: Remote Code Execution via SQL Injection Bypass in Tencent WeKnora
cverports profile

CVE-2026-30860: CVE-2026-30860: Remote Code Execution via SQL Injection Bypass in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30861: CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora
cverports profile

CVE-2026-30861: CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora

#security #cve #cybersecurity
Comments
2 min read
GHSA-5Q8V-J673-M5V4: GHSA-5Q8V-J673-M5V4: Insecure Direct Object Reference and Authorization Bypass in Firefly III API
cverports profile

GHSA-5Q8V-J673-M5V4: GHSA-5Q8V-J673-M5V4: Insecure Direct Object Reference and Authorization Bypass in Firefly III API

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-G9RG-8VQ5-MPWM: GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service
cverports profile

GHSA-G9RG-8VQ5-MPWM: GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-2H2P-MVFX-868W: GHSA-2H2P-MVFX-868W: Critical Path Traversal and Authentication Bypass in SiYuan
cverports profile

GHSA-2H2P-MVFX-868W: GHSA-2H2P-MVFX-868W: Critical Path Traversal and Authentication Bypass in SiYuan

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-Q6WC-XX4M-92FJ: GHSA-q6wc-xx4m-92fj: Improper Authorization in PowerSync Service Sync Streams
cverports profile

GHSA-Q6WC-XX4M-92FJ: GHSA-q6wc-xx4m-92fj: Improper Authorization in PowerSync Service Sync Streams

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6W2R-CFPC-23R5: GHSA-6w2r-cfpc-23r5: Unauthenticated IDOR in AVideo Playlist Endpoints
cverports profile

GHSA-6W2R-CFPC-23R5: GHSA-6w2r-cfpc-23r5: Unauthenticated IDOR in AVideo Playlist Endpoints

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-C8M8-3JCR-6RJ5: GHSA-c8m8-3jcr-6rj5: Hardcoded JWT Signing Secret in FUXA
cverports profile

GHSA-C8M8-3JCR-6RJ5: GHSA-c8m8-3jcr-6rj5: Hardcoded JWT Signing Secret in FUXA

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6F6W-6J58-RQ76: GHSA-6f6w-6j58-rq76: Shell Injection in shescape via Symlink Chain Misidentification
cverports profile

GHSA-6F6W-6J58-RQ76: GHSA-6f6w-6j58-rq76: Shell Injection in shescape via Symlink Chain Misidentification

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-V53H-F6M7-XCGM: GHSA-V53H-F6M7-XCGM: Remote Code Execution in psf/black GitHub Action via pyproject.toml
cverports profile

GHSA-V53H-F6M7-XCGM: GHSA-V53H-F6M7-XCGM: Remote Code Execution in psf/black GitHub Action via pyproject.toml

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QR2G-P6Q7-W82M: GHSA-qr2g-p6q7-w82m: Critical Payment Verification Bypass in Coinbase x402 SDK (Solana)
cverports profile

GHSA-QR2G-P6Q7-W82M: GHSA-qr2g-p6q7-w82m: Critical Payment Verification Bypass in Coinbase x402 SDK (Solana)

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-4J36-39GM-8VQ8: OneUptime Synthetic Monitor RCE via Sandbox Escape
cverports profile

GHSA-4J36-39GM-8VQ8: OneUptime Synthetic Monitor RCE via Sandbox Escape

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PM4J-7R4Q-CCG8: GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion
cverports profile

GHSA-PM4J-7R4Q-CCG8: GHSA-PM4J-7R4Q-CCG8: State Inconsistency in Soroban Host Storage Key Conversion

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape
cverports profile

GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server
cverports profile

CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG
cverports profile

CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf
cverports profile

CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey
cverports profile

CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions
cverports profile

CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions

#security #cve #cybersecurity
1
Comments
2 min read
CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server
cverports profile

CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server

#security #cve #cybersecurity
Comments
2 min read
GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow
cverports profile

GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-26017: CVE-2026-26017: CoreDNS ACL Bypass via TOCTOU in Plugin Chain
cverports profile

CVE-2026-26017: CVE-2026-26017: CoreDNS ACL Bypass via TOCTOU in Plugin Chain

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3419: CVE-2026-3419: Content-Type Validation Bypass in Fastify via Regex Anchor Missing
cverports profile

CVE-2026-3419: CVE-2026-3419: Content-Type Validation Bypass in Fastify via Regex Anchor Missing

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29783: CVE-2026-29783: Command Injection via Bash Parameter Expansion in GitHub Copilot CLI
cverports profile

CVE-2026-29783: CVE-2026-29783: Command Injection via Bash Parameter Expansion in GitHub Copilot CLI

#security #cve #cybersecurity
Comments
2 min read
GHSA-FWHJ-785H-43HH: GHSA-FWHJ-785H-43HH: Denial of Service via Null Pointer Dereference in OliveTin
cverports profile

GHSA-FWHJ-785H-43HH: GHSA-FWHJ-785H-43HH: Denial of Service via Null Pointer Dereference in OliveTin

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-2833: CVE-2026-2833: HTTP Request Smuggling via Premature Upgrade in Cloudflare Pingora
cverports profile

CVE-2026-2833: CVE-2026-2833: HTTP Request Smuggling via Premature Upgrade in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2835: CVE-2026-2835: HTTP Request Smuggling in Cloudflare Pingora
cverports profile

CVE-2026-2835: CVE-2026-2835: HTTP Request Smuggling in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
GHSA-7RHV-H82H-VPJH: CVE-2026-30777: MFA Bypass in EC-CUBE Administrative Interface
cverports profile

GHSA-7RHV-H82H-VPJH: CVE-2026-30777: MFA Bypass in EC-CUBE Administrative Interface

#security #cve #cybersecurity
Comments
2 min read
GHSA-MH23-RW7F-V5PQ: GHSA-MH23-RW7F-V5PQ: Malicious 'time-sync' Crate Exfiltrating Environment Secrets
cverports profile

GHSA-MH23-RW7F-V5PQ: GHSA-MH23-RW7F-V5PQ: Malicious 'time-sync' Crate Exfiltrating Environment Secrets

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
CVE-2025-11143: CVE-2025-11143: URI Parsing Differential in Eclipse Jetty
cverports profile

CVE-2025-11143: CVE-2025-11143: URI Parsing Differential in Eclipse Jetty

#security #cve #cybersecurity
Comments
2 min read
GHSA-X2G5-FVC2-GQVP: GHSA-X2G5-FVC2-GQVP: Insufficient Bcrypt Salt Rounds in Flowise
cverports profile

GHSA-X2G5-FVC2-GQVP: GHSA-X2G5-FVC2-GQVP: Insufficient Bcrypt Salt Rounds in Flowise

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JC5M-WRP2-QQ38: GHSA-jc5m-wrp2-qq38: PII Disclosure via Flowise Forgot Password Endpoint
cverports profile

GHSA-JC5M-WRP2-QQ38: GHSA-jc5m-wrp2-qq38: PII Disclosure via Flowise Forgot Password Endpoint

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5R2P-PJR8-7FH7: Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()
cverports profile

GHSA-5R2P-PJR8-7FH7: Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-1605: CVE-2026-1605: Native Memory Leak in Eclipse Jetty GzipHandler
cverports profile

CVE-2026-1605: CVE-2026-1605: Native Memory Leak in Eclipse Jetty GzipHandler

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2836: CVE-2026-2836: Host-Blind Cache Poisoning in Cloudflare Pingora
cverports profile

CVE-2026-2836: CVE-2026-2836: Host-Blind Cache Poisoning in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26196: CVE-2026-26196: Sensitive API Token Exposure via URL Query Parameters in Gogs
cverports profile

CVE-2026-26196: CVE-2026-26196: Sensitive API Token Exposure via URL Query Parameters in Gogs

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26194: CVE-2026-26194: Command Option Injection in Gogs Release Deletion
cverports profile

CVE-2026-26194: CVE-2026-26194: Command Option Injection in Gogs Release Deletion

#security #cve #cybersecurity
1
Comments
2 min read
CVE-2026-25048: CVE-2026-25048: Stack Exhaustion Denial of Service in xgrammar EBNF Parser
cverports profile

CVE-2026-25048: CVE-2026-25048: Stack Exhaustion Denial of Service in xgrammar EBNF Parser

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27944: CVE-2026-27944: Unauthenticated Backup Download and Encryption Key Disclosure in Nginx UI
cverports profile

CVE-2026-27944: CVE-2026-27944: Unauthenticated Backup Download and Encryption Key Disclosure in Nginx UI

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20122: CVE-2026-20122: Arbitrary File Overwrite in Cisco Catalyst SD-WAN Manager API
cverports profile

CVE-2026-20122: CVE-2026-20122: Arbitrary File Overwrite in Cisco Catalyst SD-WAN Manager API

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20079: CVE-2026-20079: Authentication Bypass & RCE in Cisco Secure FMC
cverports profile

CVE-2026-20079: CVE-2026-20079: Authentication Bypass & RCE in Cisco Secure FMC

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20131: CVE-2026-20131: Unauthenticated RCE in Cisco Secure Firewall Management Center via Java Deserialization
cverports profile

CVE-2026-20131: CVE-2026-20131: Unauthenticated RCE in Cisco Secure Firewall Management Center via Java Deserialization

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-15558: CVE-2025-15558: Local Privilege Escalation via Uncontrolled Search Path in Docker CLI for Windows
cverports profile

CVE-2025-15558: CVE-2025-15558: Local Privilege Escalation via Uncontrolled Search Path in Docker CLI for Windows

#security #cve #cybersecurity
Comments
2 min read
GHSA-HHJV-JQ77-CMVX: GHSA-HHJV-JQ77-CMVX: Android Shell Blocklist Bypass in Zeptoclaw via Argument Permutation
cverports profile

GHSA-HHJV-JQ77-CMVX: GHSA-HHJV-JQ77-CMVX: Android Shell Blocklist Bypass in Zeptoclaw via Argument Permutation

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-22719: CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations
cverports profile

CVE-2026-22719: CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations

#security #cve #cybersecurity
Comments
2 min read
GHSA-5WP8-Q9MX-8JX8: GHSA-5WP8-Q9MX-8JX8: Critical Shell Security Bypass in Zeptoclaw AI Runtime
cverports profile

GHSA-5WP8-Q9MX-8JX8: GHSA-5WP8-Q9MX-8JX8: Critical Shell Security Bypass in Zeptoclaw AI Runtime

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-9M84-WC28-W895: GHSA-9m84-wc28-w895: Incomplete CSRF Protection and Weak OTC Binding in Ghost
cverports profile

GHSA-9M84-WC28-W895: GHSA-9m84-wc28-w895: Incomplete CSRF Protection and Weak OTC Binding in Ghost

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-XHW7-JHMP-J62J: GHSA-XHW7-JHMP-J62J: Malicious 'dnp3times' Crate Exfiltrates Secrets via Typosquatting
cverports profile

GHSA-XHW7-JHMP-J62J: GHSA-XHW7-JHMP-J62J: Malicious 'dnp3times' Crate Exfiltrates Secrets via Typosquatting

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QFFP-2RHF-9H96: GHSA-qffp-2rhf-9h96: Hardlink Path Traversal in node-tar via Drive-Relative Paths
cverports profile

GHSA-QFFP-2RHF-9H96: GHSA-qffp-2rhf-9h96: Hardlink Path Traversal in node-tar via Drive-Relative Paths

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-3125: CVE-2026-3125: SSRF via Differential Path Normalization in @opennextjs/cloudflare
cverports profile

CVE-2026-3125: CVE-2026-3125: SSRF via Differential Path Normalization in @opennextjs/cloudflare

#security #cve #cybersecurity
Comments
2 min read
GHSA-W75W-9QV4-J5XJ: GHSA-W75W-9QV4-J5XJ: Path Traversal in dbt-common Archive Extraction
cverports profile

GHSA-W75W-9QV4-J5XJ: GHSA-W75W-9QV4-J5XJ: Path Traversal in dbt-common Archive Extraction

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-V2X6-WWFW-R2RQ: GHSA-v2x6-wwfw-r2rq: Path Traversal and Parameter Injection in Agentgateway
cverports profile

GHSA-V2X6-WWFW-R2RQ: GHSA-v2x6-wwfw-r2rq: Path Traversal and Parameter Injection in Agentgateway

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-3520: CVE-2026-3520: Denial of Service via Uncontrolled Recursion in Multer
cverports profile

CVE-2026-3520: CVE-2026-3520: Denial of Service via Uncontrolled Recursion in Multer

#security #cve #cybersecurity
Comments
2 min read
loading...