Forem

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
CVE-2026-33690: CVE-2026-33690: IP Address Spoofing via Unsafe Header Processing in WWBN AVideo
cverports profile

CVE-2026-33690: CVE-2026-33690: IP Address Spoofing via Unsafe Header Processing in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33548: CVE-2026-33548: Stored Cross-Site Scripting in MantisBT Timeline Feature
cverports profile

CVE-2026-33548: CVE-2026-33548: Stored Cross-Site Scripting in MantisBT Timeline Feature

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33517: CVE-2026-33517: Stored Cross-Site Scripting in MantisBT Tag Deletion
cverports profile

CVE-2026-33517: CVE-2026-33517: Stored Cross-Site Scripting in MantisBT Tag Deletion

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33649: CVE-2026-33649: GET-Based CSRF Privilege Escalation in WWBN AVideo
cverports profile

CVE-2026-33649: CVE-2026-33649: GET-Based CSRF Privilege Escalation in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33650: CVE-2026-33650: Privilege Escalation via Incorrect Authorization in WWBN AVideo
cverports profile

CVE-2026-33650: CVE-2026-33650: Privilege Escalation via Incorrect Authorization in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33651: CVE-2026-33651: Blind SQL Injection in WWBN AVideo Live Schedule Reminder
cverports profile

CVE-2026-33651: CVE-2026-33651: Blind SQL Injection in WWBN AVideo Live Schedule Reminder

#security #cve #cybersecurity
Comments
2 min read
GHSA-5MG7-485Q-XM76: GHSA-5mg7-485q-xm76: Supply Chain Compromise and Credential Harvesting Malware in LiteLLM
cverports profile

GHSA-5MG7-485Q-XM76: GHSA-5mg7-485q-xm76: Supply Chain Compromise and Credential Harvesting Malware in LiteLLM

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-XCX6-VP38-8HR5: GHSA-xcx6-vp38-8hr5: Uncontrolled Recursion leading to Denial of Service in Scriban
cverports profile

GHSA-XCX6-VP38-8HR5: GHSA-xcx6-vp38-8hr5: Uncontrolled Recursion leading to Denial of Service in Scriban

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2025-71176: CVE-2025-71176: Local Privilege Escalation and Information Disclosure via TOCTOU Race Condition in pytest
cverports profile

CVE-2025-71176: CVE-2025-71176: Local Privilege Escalation and Information Disclosure via TOCTOU Race Condition in pytest

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32597: CVE-2026-32597: Critical Header Parameter Validation Bypass in PyJWT
cverports profile

CVE-2026-32597: CVE-2026-32597: Critical Header Parameter Validation Bypass in PyJWT

#security #cve #cybersecurity
Comments
2 min read
GHSA-M2P3-HWV5-XPQW: GHSA-M2P3-HWV5-XPQW: Denial of Service via Unbounded Cumulative Template Output in Scriban
cverports profile

GHSA-M2P3-HWV5-XPQW: GHSA-M2P3-HWV5-XPQW: Denial of Service via Unbounded Cumulative Template Output in Scriban

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-XW6W-9JJH-P9CR: GHSA-XW6W-9JJH-P9CR: Multiple Denial-of-Service Vulnerabilities in Scriban Templating Engine
cverports profile

GHSA-XW6W-9JJH-P9CR: GHSA-XW6W-9JJH-P9CR: Multiple Denial-of-Service Vulnerabilities in Scriban Templating Engine

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-33215: CVE-2026-33215: MQTT Session and Message Hijacking via Client ID Malfeasance in NATS-Server
cverports profile

CVE-2026-33215: CVE-2026-33215: MQTT Session and Message Hijacking via Client ID Malfeasance in NATS-Server

#security #cve #cybersecurity
Comments
2 min read
GHSA-7789-65HX-F26W: GHSA-7789-65HX-F26W: Username Enumeration via Authentication Timing Side-Channel in FileBrowser Quantum
cverports profile

GHSA-7789-65HX-F26W: GHSA-7789-65HX-F26W: Username Enumeration via Authentication Timing Side-Channel in FileBrowser Quantum

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5VP3-3CG6-2RQ3: GHSA-5VP3-3CG6-2RQ3: Cross-Site Scripting via Markdown Serialization Breakout in justhtml
cverports profile

GHSA-5VP3-3CG6-2RQ3: GHSA-5VP3-3CG6-2RQ3: Cross-Site Scripting via Markdown Serialization Breakout in justhtml

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-33627: CVE-2026-33627: Sensitive Information Disclosure via Master Key Context in Parse Server
cverports profile

CVE-2026-33627: CVE-2026-33627: Sensitive Information Disclosure via Master Key Context in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33624: CVE-2026-33624: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Parse Server MFA Recovery
cverports profile

CVE-2026-33624: CVE-2026-33624: Time-of-Check Time-of-Use (TOCTOU) Race Condition in Parse Server MFA Recovery

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29772: CVE-2026-29772: Unauthenticated Denial of Service via Resource Exhaustion in Astro Server Islands
cverports profile

CVE-2026-29772: CVE-2026-29772: Unauthenticated Denial of Service via Resource Exhaustion in Astro Server Islands

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33161: CVE-2026-33161: Insecure Direct Object Reference in Craft CMS AssetsController
cverports profile

CVE-2026-33161: CVE-2026-33161: Insecure Direct Object Reference in Craft CMS AssetsController

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33162: CVE-2026-33162: Authorization Bypass in Craft CMS Entry Relocation
cverports profile

CVE-2026-33162: CVE-2026-33162: Authorization Bypass in Craft CMS Entry Relocation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33634: CVE-2026-33634: Remote Supply Chain Compromise in Trivy Ecosystem via Non-Atomic Secret Rotation
cverports profile

CVE-2026-33634: CVE-2026-33634: Remote Supply Chain Compromise in Trivy Ecosystem via Non-Atomic Secret Rotation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33160: CVE-2026-33160: Unauthenticated Information Disclosure via Authorization Bypass in Craft CMS
cverports profile

CVE-2026-33160: CVE-2026-33160: Unauthenticated Information Disclosure via Authorization Bypass in Craft CMS

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3055: CVE-2026-3055: Out-of-Bounds Read in Citrix NetScaler SAML IDP
cverports profile

CVE-2026-3055: CVE-2026-3055: Out-of-Bounds Read in Citrix NetScaler SAML IDP

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-54957: CVE-2025-54957: Integer Overflow to Heap-Based Buffer Overflow in Dolby Unified Decoder
cverports profile

CVE-2025-54957: CVE-2025-54957: Integer Overflow to Heap-Based Buffer Overflow in Dolby Unified Decoder

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27727: CVE-2026-27727: Remote Code Execution in mchange-commons-java Custom JNDI Implementation
cverports profile

CVE-2026-27727: CVE-2026-27727: Remote Code Execution in mchange-commons-java Custom JNDI Implementation

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32276: CVE-2026-32276: Arbitrary Code Execution in Connect-CMS Code Study Plugin
cverports profile

CVE-2026-32276: CVE-2026-32276: Arbitrary Code Execution in Connect-CMS Code Study Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32277: CVE-2026-32277: Persistent DOM-based XSS in Connect-CMS Cabinet Plugin
cverports profile

CVE-2026-32277: CVE-2026-32277: Persistent DOM-based XSS in Connect-CMS Cabinet Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32279: CVE-2026-32279: Server-Side Request Forgery in Connect-CMS External Page Migration
cverports profile

CVE-2026-32279: CVE-2026-32279: Server-Side Request Forgery in Connect-CMS External Page Migration

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32299: CVE-2026-32299: Improper Authorization and Data Leakage in Connect-CMS
cverports profile

CVE-2026-32299: CVE-2026-32299: Improper Authorization and Data Leakage in Connect-CMS

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-32300: CVE-2026-32300: Insecure Direct Object Reference in Connect-CMS Profile Update
cverports profile

CVE-2026-32300: CVE-2026-32300: Insecure Direct Object Reference in Connect-CMS Profile Update

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33046: CVE-2026-33046: LaTeX Injection Leading to Local File Disclosure and Remote Code Execution in Indico
cverports profile

CVE-2026-33046: CVE-2026-33046: LaTeX Injection Leading to Local File Disclosure and Remote Code Execution in Indico

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33168: CVE-2026-33168: Cross-Site Scripting (XSS) via Attribute Injection in Rails Action View
cverports profile

CVE-2026-33168: CVE-2026-33168: Cross-Site Scripting (XSS) via Attribute Injection in Rails Action View

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33169: CVE-2026-33169: Regular Expression Denial of Service (ReDoS) in ActiveSupport Number Formatting
cverports profile

CVE-2026-33169: CVE-2026-33169: Regular Expression Denial of Service (ReDoS) in ActiveSupport Number Formatting

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33170: CVE-2026-33170: Cross-Site Scripting (XSS) via SafeBuffer State Loss in Rails Active Support
cverports profile

CVE-2026-33170: CVE-2026-33170: Cross-Site Scripting (XSS) via SafeBuffer State Loss in Rails Active Support

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33173: CVE-2026-33173: Content Type Bypass via Metadata Injection in Rails Active Storage
cverports profile

CVE-2026-33173: CVE-2026-33173: Content Type Bypass via Metadata Injection in Rails Active Storage

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33174: CVE-2026-33174: Denial of Service via Unbounded Memory Allocation in Rails Active Storage
cverports profile

CVE-2026-33174: CVE-2026-33174: Denial of Service via Unbounded Memory Allocation in Rails Active Storage

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33195: CVE-2026-33195: Path Traversal Vulnerability in Ruby on Rails Active Storage DiskService
cverports profile

CVE-2026-33195: CVE-2026-33195: Path Traversal Vulnerability in Ruby on Rails Active Storage DiskService

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33202: CVE-2026-33202: Glob Injection and Arbitrary File Deletion in Rails Active Storage
cverports profile

CVE-2026-33202: CVE-2026-33202: Glob Injection and Arbitrary File Deletion in Rails Active Storage

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33176: CVE-2026-33176: Denial of Service via Scientific Notation in Rails Active Support Number Helpers
cverports profile

CVE-2026-33176: CVE-2026-33176: Denial of Service via Scientific Notation in Rails Active Support Number Helpers

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33167: CVE-2026-33167: Cross-Site Scripting (XSS) in Ruby on Rails Action Pack Debug Exceptions
cverports profile

CVE-2026-33167: CVE-2026-33167: Cross-Site Scripting (XSS) in Ruby on Rails Action Pack Debug Exceptions

#security #cve #cybersecurity
Comments
2 min read
GHSA-Q5PR-72PQ-83V3: GHSA-Q5PR-72PQ-83V3: Unbounded Chunked Cookie Count Denial of Service in h3
cverports profile

GHSA-Q5PR-72PQ-83V3: GHSA-Q5PR-72PQ-83V3: Unbounded Chunked Cookie Count Denial of Service in h3

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-FP4X-GGRF-WMC6: GHSA-FP4X-GGRF-WMC6: Open Redirect via Protocol-Relative Paths in UnJS H3
cverports profile

GHSA-FP4X-GGRF-WMC6: GHSA-FP4X-GGRF-WMC6: Open Redirect via Protocol-Relative Paths in UnJS H3

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-32278: CVE-2026-32278: Stored Cross-Site Scripting (XSS) via Unrestricted File Upload in Connect-CMS
cverports profile

CVE-2026-32278: CVE-2026-32278: Stored Cross-Site Scripting (XSS) via Unrestricted File Upload in Connect-CMS

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30849: CVE-2026-30849: Authentication Bypass via Type Juggling in MantisBT SOAP API
cverports profile

CVE-2026-30849: CVE-2026-30849: Authentication Bypass via Type Juggling in MantisBT SOAP API

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30886: CVE-2026-30886: Insecure Direct Object Reference in QuantumNous New API Video Proxy
cverports profile

CVE-2026-30886: CVE-2026-30886: Insecure Direct Object Reference in QuantumNous New API Video Proxy

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33499: CVE-2026-33499: Reflected Cross-Site Scripting in WWBN AVideo Password Forms
cverports profile

CVE-2026-33499: CVE-2026-33499: Reflected Cross-Site Scripting in WWBN AVideo Password Forms

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33513: CVE-2026-33513: Unauthenticated Local File Inclusion in WWBN AVideo API Plugin
cverports profile

CVE-2026-33513: CVE-2026-33513: Unauthenticated Local File Inclusion in WWBN AVideo API Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33500: CVE-2026-33500: Stored Cross-Site Scripting via Markdown Parsing Bypass in WWBN AVideo
cverports profile

CVE-2026-33500: CVE-2026-33500: Stored Cross-Site Scripting via Markdown Parsing Bypass in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33501: CVE-2026-33501: Missing Authorization Information Disclosure in WWBN AVideo Permissions Plugin
cverports profile

CVE-2026-33501: CVE-2026-33501: Missing Authorization Information Disclosure in WWBN AVideo Permissions Plugin

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33507: CVE-2026-33507: Remote Code Execution via Cross-Site Request Forgery in WWBN AVideo
cverports profile

CVE-2026-33507: CVE-2026-33507: Remote Code Execution via Cross-Site Request Forgery in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33502: CVE-2026-33502: Unauthenticated SSRF and Command Injection in WWBN AVideo
cverports profile

CVE-2026-33502: CVE-2026-33502: Unauthenticated SSRF and Command Injection in WWBN AVideo

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-55988: CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core
cverports profile

CVE-2025-55988: CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core

#security #cve #cybersecurity
Comments
2 min read
GHSA-F67F-HCR6-94MF: GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows
cverports profile

GHSA-F67F-HCR6-94MF: GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-PWJX-QHCG-RVJ4: GHSA-pwjx-qhcg-rvj4: Certificate Revocation Bypass via Iterator Exhaustion in rustls-webpki
cverports profile

GHSA-PWJX-QHCG-RVJ4: GHSA-pwjx-qhcg-rvj4: Certificate Revocation Bypass via Iterator Exhaustion in rustls-webpki

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-MWJC-5J4X-R686: CVE-2025-34433: Unauthenticated Remote Code Execution via Cryptographic Failures in AVideo
cverports profile

GHSA-MWJC-5J4X-R686: CVE-2025-34433: Unauthenticated Remote Code Execution via Cryptographic Failures in AVideo

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-8FW8-Q79C-FP9M: GHSA-8FW8-Q79C-FP9M: Unauthenticated Local File Inclusion and Remote Code Execution in AVideo API
cverports profile

GHSA-8FW8-Q79C-FP9M: GHSA-8FW8-Q79C-FP9M: Unauthenticated Local File Inclusion and Remote Code Execution in AVideo API

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-X49Q-FHHM-R9JF: GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw
cverports profile

GHSA-X49Q-FHHM-R9JF: GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-32305: CVE-2026-32305: Mutual TLS Bypass via Fragmented ClientHello in Traefik
cverports profile

CVE-2026-32305: CVE-2026-32305: Mutual TLS Bypass via Fragmented ClientHello in Traefik

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33055: CVE-2026-33055: Parser Differential and Archive Smuggling in Rust tar-rs
cverports profile

CVE-2026-33055: CVE-2026-33055: Parser Differential and Archive Smuggling in Rust tar-rs

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-33056: CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs
cverports profile

CVE-2026-33056: CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs

#security #cve #cybersecurity
Comments
2 min read
loading...