DEV Community

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
GHSA-WM45-QH3G-V83F: GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

GHSA-WM45-QH3G-V83F: GHSA-WM45-QH3G-V83F: Arbitrary Server-Side File Read and Exfiltration via Attachment Upload in mcp-atlassian

Comments
2 min read
GHSA-G5R6-GV6M-F5JV: GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

GHSA-G5R6-GV6M-F5JV: GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

Comments
2 min read
CVE-2026-54158: CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

CVE-2026-54158: CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

Comments
2 min read
CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan

CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan

Comments
2 min read
GHSA-H4G2-XFMW-Q2C9: GHSA-H4G2-XFMW-Q2C9: Missing Authentication Bypass in Clauster Configuration Validator

GHSA-H4G2-XFMW-Q2C9: GHSA-H4G2-XFMW-Q2C9: Missing Authentication Bypass in Clauster Configuration Validator

Comments
2 min read
GHSA-G936-7JQJ-MWV8: GHSA-g936-7jqj-mwv8: Administrative Token Leakage and Privilege Escalation in TSDProxy

GHSA-G936-7JQJ-MWV8: GHSA-g936-7jqj-mwv8: Administrative Token Leakage and Privilege Escalation in TSDProxy

Comments
2 min read
CVE-2026-54070: CVE-2026-54070: Stored Cross-Site Scripting via Modern HTML5 Event Handler Bypass in SiYuan Bazaar

CVE-2026-54070: CVE-2026-54070: Stored Cross-Site Scripting via Modern HTML5 Event Handler Bypass in SiYuan Bazaar

Comments
2 min read
GHSA-489G-7RXV-6C8Q: CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server

GHSA-489G-7RXV-6C8Q: CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server

Comments
1 min read
CVE-2026-49866: CVE-2026-49866: CPU-Based Denial of Service in @libp2p/gossipsub Protobuf Parser

CVE-2026-49866: CVE-2026-49866: CPU-Based Denial of Service in @libp2p/gossipsub Protobuf Parser

Comments
1 min read
CVE-2026-49858: CVE-2026-49858: Cross-User Attribute and Relation Leak in API Platform Core Serializers

CVE-2026-49858: CVE-2026-49858: Cross-User Attribute and Relation Leak in API Platform Core Serializers

Comments
2 min read
CVE-2026-5078: CVE-2026-5078: Log Forging and Injection via :remote-user Token in Morgan Logging Middleware

CVE-2026-5078: CVE-2026-5078: Log Forging and Injection via :remote-user Token in Morgan Logging Middleware

Comments
3 min read
CVE-2026-48861: CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861: CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

Comments
3 min read
CVE-2026-49753: CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

CVE-2026-49753: CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

Comments
2 min read
CVE-2026-49754: CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

CVE-2026-49754: CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

Comments
2 min read
CVE-2026-48596: CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596: CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

Comments
2 min read
CVE-2026-48594: CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

CVE-2026-48594: CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

Comments
2 min read
CVE-2026-48595: CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

CVE-2026-48595: CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

Comments
2 min read
CVE-2026-48597: CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

CVE-2026-48597: CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

Comments
2 min read
CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

CVE-2026-48598: CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

Comments
2 min read
CVE-2026-49851: CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

CVE-2026-49851: CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

Comments
2 min read
CVE-2026-48862: CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

CVE-2026-48862: CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

Comments
2 min read
CVE-2026-52778: CVE-2026-52778: Unauthenticated Remote Code Execution and ReDoS in YesWiki Bazar Formula Calculator

CVE-2026-52778: CVE-2026-52778: Unauthenticated Remote Code Execution and ReDoS in YesWiki Bazar Formula Calculator

Comments
2 min read
CVE-2026-54651: CVE-2026-54651: Infinite Loop Vulnerability in pypdf Article Thread Parser

CVE-2026-54651: CVE-2026-54651: Infinite Loop Vulnerability in pypdf Article Thread Parser

Comments
2 min read
GHSA-387M-935M-C4VW: GHSA-387m-935m-c4vw: Unbounded HTTP Redirections Enable Infinite Loop Denial of Service in Micronaut HTTP Client

GHSA-387M-935M-C4VW: GHSA-387m-935m-c4vw: Unbounded HTTP Redirections Enable Infinite Loop Denial of Service in Micronaut HTTP Client

Comments
2 min read
GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

Comments
2 min read
GHSA-52VM-MXX8-F227: GHSA-52vm-mxx8-f227: Arbitrary File Write and Decompression Denial of Service in phantom-audio

GHSA-52VM-MXX8-F227: GHSA-52vm-mxx8-f227: Arbitrary File Write and Decompression Denial of Service in phantom-audio

Comments
2 min read
GHSA-C43V-4CR8-6MVP: GHSA-C43V-4CR8-6MVP: Authenticated Path Traversal in Craft CMS Asset Icon Helper

GHSA-C43V-4CR8-6MVP: GHSA-C43V-4CR8-6MVP: Authenticated Path Traversal in Craft CMS Asset Icon Helper

Comments
2 min read
GHSA-86VW-X4WW-X467: CVE-2026-56382: Remote Code Execution in Craft CMS via Yii2 Event Handler Injection

GHSA-86VW-X4WW-X467: CVE-2026-56382: Remote Code Execution in Craft CMS via Yii2 Event Handler Injection

Comments
2 min read
GHSA-382C-VX95-W3P5: GHSA-382C-VX95-W3P5: Missing Access Control on Profile Endpoint and MCP Tool in Gittensory

GHSA-382C-VX95-W3P5: GHSA-382C-VX95-W3P5: Missing Access Control on Profile Endpoint and MCP Tool in Gittensory

Comments
2 min read
CVE-2026-53634: CVE-2026-53634: Missing Authorization in Code16 Sharp Quick Creation Command Controller

CVE-2026-53634: CVE-2026-53634: Missing Authorization in Code16 Sharp Quick Creation Command Controller

Comments
2 min read
CVE-2026-49471: CVE-2026-49471: Unauthenticated Remote Code Execution in Serena MCP Toolkit via DNS Rebinding and Memory Poisoning

CVE-2026-49471: CVE-2026-49471: Unauthenticated Remote Code Execution in Serena MCP Toolkit via DNS Rebinding and Memory Poisoning

Comments
3 min read
GHSA-MXWC-WH95-PW4G: GHSA-MXWC-WH95-PW4G: Denial of Service via Uncontrolled Recursion in Trapster DNS Parser

GHSA-MXWC-WH95-PW4G: GHSA-MXWC-WH95-PW4G: Denial of Service via Uncontrolled Recursion in Trapster DNS Parser

Comments
1 min read
GHSA-Q95X-7G78-RCCV: GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

GHSA-Q95X-7G78-RCCV: GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

Comments
2 min read
CVE-2026-53359: CVE-2026-53359: Use-After-Free in Linux Kernel KVM Shadow MMU (Januscape)

CVE-2026-53359: CVE-2026-53359: Use-After-Free in Linux Kernel KVM Shadow MMU (Januscape)

Comments
3 min read
CVE-2026-48282: CVE-2026-48282: Unauthenticated Path Traversal and Arbitrary File Write in Adobe ColdFusion Remote Development Services

CVE-2026-48282: CVE-2026-48282: Unauthenticated Path Traversal and Arbitrary File Write in Adobe ColdFusion Remote Development Services

Comments
2 min read
GHSA-GQ4G-FPC9-VJFQ: GHSA-gq4g-fpc9-vjfq: Username Enumeration via Predictable Decoy Credentials in web-auth/webauthn-lib

GHSA-GQ4G-FPC9-VJFQ: GHSA-gq4g-fpc9-vjfq: Username Enumeration via Predictable Decoy Credentials in web-auth/webauthn-lib

Comments
2 min read
GHSA-CWV4-H3J5-W3CF: GHSA-CWV4-H3J5-W3CF: Stored and Reflected Cross-Site Scripting in rama's Directory Listing Component

GHSA-CWV4-H3J5-W3CF: GHSA-CWV4-H3J5-W3CF: Stored and Reflected Cross-Site Scripting in rama's Directory Listing Component

Comments
2 min read
GHSA-Q855-8RH5-JFGQ: GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

GHSA-Q855-8RH5-JFGQ: GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

Comments
3 min read
GHSA-F66Q-9RF6-8795: GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

GHSA-F66Q-9RF6-8795: GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

Comments
2 min read
CVE-2026-50127: CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

CVE-2026-50127: CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

Comments
2 min read
GHSA-86J7-9J95-VPQJ: GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

GHSA-86J7-9J95-VPQJ: GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

Comments
2 min read
GHSA-9H47-PQCX-HJR4: GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

GHSA-9H47-PQCX-HJR4: GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

Comments
2 min read
GHSA-2VG6-77G8-24MP: GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

GHSA-2VG6-77G8-24MP: GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

Comments
2 min read
GHSA-J8V8-G9CX-5QF4: GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

GHSA-J8V8-G9CX-5QF4: GHSA-J8V8-G9CX-5QF4: Missing Authorization and Access Control Flaw in @better-auth/scim

Comments
2 min read
GHSA-FQF6-GXHH-2XHW: GHSA-FQF6-GXHH-2XHW: Silent Data Loss and Behavioral Mismatch in uutils coreutils Backup Logic

GHSA-FQF6-GXHH-2XHW: GHSA-FQF6-GXHH-2XHW: Silent Data Loss and Behavioral Mismatch in uutils coreutils Backup Logic

Comments
2 min read
CVE-2025-46571: CVE-2025-46571: Stored Cross-Site Scripting (XSS) in Open WebUI

CVE-2025-46571: CVE-2025-46571: Stored Cross-Site Scripting (XSS) in Open WebUI

Comments
2 min read
CVE-2025-46719: CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

CVE-2025-46719: CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

Comments
2 min read
CVE-2026-26192: CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

CVE-2026-26192: CVE-2026-26192: Stored Cross-Site Scripting via Insecure Iframe Sandbox in Open WebUI

Comments
2 min read
CVE-2026-26193: CVE-2026-26193: Stored XSS via iFrame Embeds in Open WebUI Response Messages

CVE-2026-26193: CVE-2026-26193: Stored XSS via iFrame Embeds in Open WebUI Response Messages

Comments
2 min read
CVE-2026-34225: CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

CVE-2026-34225: CVE-2026-34225: Blind Server-Side Request Forgery in Open WebUI Image Edit Endpoint

Comments
2 min read
GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

GHSA-VJC7-JRH9-9J86: Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

Comments
2 min read
CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

Comments
2 min read
CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

Comments
2 min read
CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Comments
2 min read
GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

GHSA-CGFV-JRFP-2R7V: GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

Comments
2 min read
GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

GHSA-QRWJ-VH9X-GW5V: GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

Comments
2 min read
CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

CVE-2026-35341: CVE-2026-35341: Local Privilege Escalation and Permission Degradation in uutils coreutils mkfifo

Comments
2 min read
CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

CVE-2026-35361: CVE-2026-35361: Security Permission Bypass via Improper File Cleanup in uutils coreutils mknod

Comments
2 min read
CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

CVE-2026-35381: CVE-2026-35381: Input Sanitization and Logic Bypass in uutils coreutils cut Utility

Comments
2 min read
CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass

Comments
2 min read
loading...