Forem

CVE Reports profile picture

CVE Reports

CVEReports provides daily, automated deep-dives into the latest vulnerabilities, transforming emerging threats into comprehensive technical intelligence.

Joined Joined on  Personal website https://www.cvereports.com
GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape
cverports profile

GHSA-H343-GG57-2Q67: CVE-2026-27574: Remote Code Execution in OneUptime Probe via VM Sandbox Escape

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server
cverports profile

CVE-2026-30835: CVE-2026-30835: Database Metadata Leak via Malformed Regex in Parse Server

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG
cverports profile

CVE-2026-26018: CVE-2026-26018: Remote Denial of Service in CoreDNS Loop Detection Plugin via Predictable PRNG

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf
cverports profile

CVE-2026-29064: CVE-2026-29064: Path Traversal via Symlink Extraction in Zarf

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey
cverports profile

CVE-2026-30228: CVE-2026-30228: Authorization Bypass in Parse Server Files API via readOnlyMasterKey

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions
cverports profile

CVE-2026-30241: CVE-2026-30241: Missing Query Depth Validation in Mercurius GraphQL Subscriptions

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server
cverports profile

CVE-2026-30229: CVE-2026-30229: Privilege Escalation via Read-Only Master Key in Parse Server

#security #cve #cybersecurity
Comments
2 min read
GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow
cverports profile

GHSA-9R75-G2CR-3H76: GHSA-9r75-g2cr-3h76: Predictable Webhook Tokens in Vercel Workflow

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-26017: CVE-2026-26017: CoreDNS ACL Bypass via TOCTOU in Plugin Chain
cverports profile

CVE-2026-26017: CVE-2026-26017: CoreDNS ACL Bypass via TOCTOU in Plugin Chain

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3419: CVE-2026-3419: Content-Type Validation Bypass in Fastify via Regex Anchor Missing
cverports profile

CVE-2026-3419: CVE-2026-3419: Content-Type Validation Bypass in Fastify via Regex Anchor Missing

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29783: CVE-2026-29783: Command Injection via Bash Parameter Expansion in GitHub Copilot CLI
cverports profile

CVE-2026-29783: CVE-2026-29783: Command Injection via Bash Parameter Expansion in GitHub Copilot CLI

#security #cve #cybersecurity
Comments
2 min read
GHSA-FWHJ-785H-43HH: GHSA-FWHJ-785H-43HH: Denial of Service via Null Pointer Dereference in OliveTin
cverports profile

GHSA-FWHJ-785H-43HH: GHSA-FWHJ-785H-43HH: Denial of Service via Null Pointer Dereference in OliveTin

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-2833: CVE-2026-2833: HTTP Request Smuggling via Premature Upgrade in Cloudflare Pingora
cverports profile

CVE-2026-2833: CVE-2026-2833: HTTP Request Smuggling via Premature Upgrade in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2835: CVE-2026-2835: HTTP Request Smuggling in Cloudflare Pingora
cverports profile

CVE-2026-2835: CVE-2026-2835: HTTP Request Smuggling in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
GHSA-7RHV-H82H-VPJH: CVE-2026-30777: MFA Bypass in EC-CUBE Administrative Interface
cverports profile

GHSA-7RHV-H82H-VPJH: CVE-2026-30777: MFA Bypass in EC-CUBE Administrative Interface

#security #cve #cybersecurity
Comments
2 min read
GHSA-MH23-RW7F-V5PQ: GHSA-MH23-RW7F-V5PQ: Malicious 'time-sync' Crate Exfiltrating Environment Secrets
cverports profile

GHSA-MH23-RW7F-V5PQ: GHSA-MH23-RW7F-V5PQ: Malicious 'time-sync' Crate Exfiltrating Environment Secrets

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
CVE-2025-11143: CVE-2025-11143: URI Parsing Differential in Eclipse Jetty
cverports profile

CVE-2025-11143: CVE-2025-11143: URI Parsing Differential in Eclipse Jetty

#security #cve #cybersecurity
Comments
2 min read
GHSA-X2G5-FVC2-GQVP: GHSA-X2G5-FVC2-GQVP: Insufficient Bcrypt Salt Rounds in Flowise
cverports profile

GHSA-X2G5-FVC2-GQVP: GHSA-X2G5-FVC2-GQVP: Insufficient Bcrypt Salt Rounds in Flowise

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JC5M-WRP2-QQ38: GHSA-jc5m-wrp2-qq38: PII Disclosure via Flowise Forgot Password Endpoint
cverports profile

GHSA-JC5M-WRP2-QQ38: GHSA-jc5m-wrp2-qq38: PII Disclosure via Flowise Forgot Password Endpoint

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5R2P-PJR8-7FH7: Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()
cverports profile

GHSA-5R2P-PJR8-7FH7: Remote Code Execution in AWS SageMaker Python SDK via Unsafe eval()

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-1605: CVE-2026-1605: Native Memory Leak in Eclipse Jetty GzipHandler
cverports profile

CVE-2026-1605: CVE-2026-1605: Native Memory Leak in Eclipse Jetty GzipHandler

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2836: CVE-2026-2836: Host-Blind Cache Poisoning in Cloudflare Pingora
cverports profile

CVE-2026-2836: CVE-2026-2836: Host-Blind Cache Poisoning in Cloudflare Pingora

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26196: CVE-2026-26196: Sensitive API Token Exposure via URL Query Parameters in Gogs
cverports profile

CVE-2026-26196: CVE-2026-26196: Sensitive API Token Exposure via URL Query Parameters in Gogs

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-26194: CVE-2026-26194: Command Option Injection in Gogs Release Deletion
cverports profile

CVE-2026-26194: CVE-2026-26194: Command Option Injection in Gogs Release Deletion

#security #cve #cybersecurity
1
Comments
2 min read
CVE-2026-25048: CVE-2026-25048: Stack Exhaustion Denial of Service in xgrammar EBNF Parser
cverports profile

CVE-2026-25048: CVE-2026-25048: Stack Exhaustion Denial of Service in xgrammar EBNF Parser

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27944: CVE-2026-27944: Unauthenticated Backup Download and Encryption Key Disclosure in Nginx UI
cverports profile

CVE-2026-27944: CVE-2026-27944: Unauthenticated Backup Download and Encryption Key Disclosure in Nginx UI

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20122: CVE-2026-20122: Arbitrary File Overwrite in Cisco Catalyst SD-WAN Manager API
cverports profile

CVE-2026-20122: CVE-2026-20122: Arbitrary File Overwrite in Cisco Catalyst SD-WAN Manager API

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20079: CVE-2026-20079: Authentication Bypass & RCE in Cisco Secure FMC
cverports profile

CVE-2026-20079: CVE-2026-20079: Authentication Bypass & RCE in Cisco Secure FMC

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-20131: CVE-2026-20131: Unauthenticated RCE in Cisco Secure Firewall Management Center via Java Deserialization
cverports profile

CVE-2026-20131: CVE-2026-20131: Unauthenticated RCE in Cisco Secure Firewall Management Center via Java Deserialization

#security #cve #cybersecurity
Comments
2 min read
CVE-2025-15558: CVE-2025-15558: Local Privilege Escalation via Uncontrolled Search Path in Docker CLI for Windows
cverports profile

CVE-2025-15558: CVE-2025-15558: Local Privilege Escalation via Uncontrolled Search Path in Docker CLI for Windows

#security #cve #cybersecurity
Comments
2 min read
GHSA-HHJV-JQ77-CMVX: GHSA-HHJV-JQ77-CMVX: Android Shell Blocklist Bypass in Zeptoclaw via Argument Permutation
cverports profile

GHSA-HHJV-JQ77-CMVX: GHSA-HHJV-JQ77-CMVX: Android Shell Blocklist Bypass in Zeptoclaw via Argument Permutation

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-22719: CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations
cverports profile

CVE-2026-22719: CVE-2026-22719: Unauthenticated Command Injection in VMware Aria Operations

#security #cve #cybersecurity
Comments
2 min read
GHSA-5WP8-Q9MX-8JX8: GHSA-5WP8-Q9MX-8JX8: Critical Shell Security Bypass in Zeptoclaw AI Runtime
cverports profile

GHSA-5WP8-Q9MX-8JX8: GHSA-5WP8-Q9MX-8JX8: Critical Shell Security Bypass in Zeptoclaw AI Runtime

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-9M84-WC28-W895: GHSA-9m84-wc28-w895: Incomplete CSRF Protection and Weak OTC Binding in Ghost
cverports profile

GHSA-9M84-WC28-W895: GHSA-9m84-wc28-w895: Incomplete CSRF Protection and Weak OTC Binding in Ghost

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-XHW7-JHMP-J62J: GHSA-XHW7-JHMP-J62J: Malicious 'dnp3times' Crate Exfiltrates Secrets via Typosquatting
cverports profile

GHSA-XHW7-JHMP-J62J: GHSA-XHW7-JHMP-J62J: Malicious 'dnp3times' Crate Exfiltrates Secrets via Typosquatting

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-QFFP-2RHF-9H96: GHSA-qffp-2rhf-9h96: Hardlink Path Traversal in node-tar via Drive-Relative Paths
cverports profile

GHSA-QFFP-2RHF-9H96: GHSA-qffp-2rhf-9h96: Hardlink Path Traversal in node-tar via Drive-Relative Paths

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-3125: CVE-2026-3125: SSRF via Differential Path Normalization in @opennextjs/cloudflare
cverports profile

CVE-2026-3125: CVE-2026-3125: SSRF via Differential Path Normalization in @opennextjs/cloudflare

#security #cve #cybersecurity
Comments
2 min read
GHSA-W75W-9QV4-J5XJ: GHSA-W75W-9QV4-J5XJ: Path Traversal in dbt-common Archive Extraction
cverports profile

GHSA-W75W-9QV4-J5XJ: GHSA-W75W-9QV4-J5XJ: Path Traversal in dbt-common Archive Extraction

#security #cve #cybersecurity #ghsa
1
Comments
2 min read
GHSA-V2X6-WWFW-R2RQ: GHSA-v2x6-wwfw-r2rq: Path Traversal and Parameter Injection in Agentgateway
cverports profile

GHSA-V2X6-WWFW-R2RQ: GHSA-v2x6-wwfw-r2rq: Path Traversal and Parameter Injection in Agentgateway

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-3520: CVE-2026-3520: Denial of Service via Uncontrolled Recursion in Multer
cverports profile

CVE-2026-3520: CVE-2026-3520: Denial of Service via Uncontrolled Recursion in Multer

#security #cve #cybersecurity
Comments
2 min read
GHSA-WF45-3GPW-VRQV: Malicious Rust Crate 'time_calibrators' Exfiltrates Environment Variables
cverports profile

GHSA-WF45-3GPW-VRQV: Malicious Rust Crate 'time_calibrators' Exfiltrates Environment Variables

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WCCX-J62J-R448: Fickling Security Bypass: Incomplete Monkey-Patching in Safety Hooks
cverports profile

GHSA-WCCX-J62J-R448: Fickling Security Bypass: Incomplete Monkey-Patching in Safety Hooks

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-5HWF-RC88-82XM: CVE-2026-22609: Incomplete Blocklist in Fickling Pickle Analyzer Leads to Arbitrary Code Execution
cverports profile

GHSA-5HWF-RC88-82XM: CVE-2026-22609: Incomplete Blocklist in Fickling Pickle Analyzer Leads to Arbitrary Code Execution

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-29069: CVE-2026-29069: Unauthenticated Activation Email Trigger in Craft CMS
cverports profile

CVE-2026-29069: CVE-2026-29069: Unauthenticated Activation Email Trigger in Craft CMS

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-3351: CVE-2026-3351: Authorization Bypass in Canonical LXD Certificates API
cverports profile

CVE-2026-3351: CVE-2026-3351: Authorization Bypass in Canonical LXD Certificates API

#security #cve #cybersecurity
Comments
2 min read
GHSA-JWF4-8WF4-JF2M: GHSA-JWF4-8WF4-JF2M: Critical Authorization Bypass in OpenClaw BlueBubbles Plugin
cverports profile

GHSA-JWF4-8WF4-JF2M: GHSA-JWF4-8WF4-JF2M: Critical Authorization Bypass in OpenClaw BlueBubbles Plugin

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-F6H3-846H-2R8W: GHSA-f6h3-846h-2r8w: Authorization Bypass in OpenClaw via Improper Recipient Validation
cverports profile

GHSA-F6H3-846H-2R8W: GHSA-f6h3-846h-2r8w: Authorization Bypass in OpenClaw via Improper Recipient Validation

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-W7J5-J98M-W679: GHSA-W7J5-J98M-W679: Excessive Privileges (Root Execution) in OpenClaw Containers
cverports profile

GHSA-W7J5-J98M-W679: GHSA-W7J5-J98M-W679: Excessive Privileges (Root Execution) in OpenClaw Containers

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-25PW-4H6W-QWVM: OpenClaw BlueBubbles Group Allowlist Bypass via DM Pairing Fallback
cverports profile

GHSA-25PW-4H6W-QWVM: OpenClaw BlueBubbles Group Allowlist Bypass via DM Pairing Fallback

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-4GC7-QCVF-38WG: CVE-2026-28363: Remote Code Execution in OpenClaw via Argument Injection
cverports profile

GHSA-4GC7-QCVF-38WG: CVE-2026-28363: Remote Code Execution in OpenClaw via Argument Injection

#security #cve #cybersecurity
Comments
2 min read
GHSA-659F-22XC-98F2: GHSA-659F-22XC-98F2: Path Traversal via Symbolic Links in OpenClaw Webhook Transforms
cverports profile

GHSA-659F-22XC-98F2: GHSA-659F-22XC-98F2: Path Traversal via Symbolic Links in OpenClaw Webhook Transforms

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-V6X2-2QVM-6GV8: GHSA-V6X2-2QVM-6GV8: Critical Token Leak via Insecure Hashing Fallback in OpenClaw
cverports profile

GHSA-V6X2-2QVM-6GV8: GHSA-V6X2-2QVM-6GV8: Critical Token Leak via Insecure Hashing Fallback in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GW85-XP4Q-5GP9: GHSA-GW85-XP4Q-5GP9: Authorization Bypass in OpenClaw Synology Chat Extension
cverports profile

GHSA-GW85-XP4Q-5GP9: GHSA-GW85-XP4Q-5GP9: Authorization Bypass in OpenClaw Synology Chat Extension

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-8MF7-VV8W-HJR2: GHSA-8MF7-VV8W-HJR2: Remote Code Execution via Insecure SafeBins Fallback in OpenClaw
cverports profile

GHSA-8MF7-VV8W-HJR2: GHSA-8MF7-VV8W-HJR2: Remote Code Execution via Insecure SafeBins Fallback in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-R9Q5-C7QC-P26W: GHSA-R9Q5-C7QC-P26W: Webhook Replay Vulnerability in OpenClaw Nextcloud Talk Integration
cverports profile

GHSA-R9Q5-C7QC-P26W: GHSA-R9Q5-C7QC-P26W: Webhook Replay Vulnerability in OpenClaw Nextcloud Talk Integration

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JXRQ-8FM4-9P58: OpenClaw Archive Extraction Path Traversal via Symlinks
cverports profile

GHSA-JXRQ-8FM4-9P58: OpenClaw Archive Extraction Path Traversal via Symlinks

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-M8V2-6WWH-R4GC: GHSA-M8V2-6WWH-R4GC: Sandbox Escape via Symlink Manipulation in OpenClaw
cverports profile

GHSA-M8V2-6WWH-R4GC: GHSA-M8V2-6WWH-R4GC: Sandbox Escape via Symlink Manipulation in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-792Q-QW95-F446: GHSA-792Q-QW95-F446: Authorization Bypass in OpenClaw Signal Reaction Handling
cverports profile

GHSA-792Q-QW95-F446: GHSA-792Q-QW95-F446: Authorization Bypass in OpenClaw Signal Reaction Handling

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-WPPH-CJGR-7C39: GHSA-WPPH-CJGR-7C39: Identity Collision in OpenClaw Group Policy Resolver
cverports profile

GHSA-WPPH-CJGR-7C39: GHSA-WPPH-CJGR-7C39: Identity Collision in OpenClaw Group Policy Resolver

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-JJ82-76V6-933R: GHSA-JJ82-76V6-933R: Execution Allowlist Bypass via Wrapper Injection in OpenClaw
cverports profile

GHSA-JJ82-76V6-933R: GHSA-JJ82-76V6-933R: Execution Allowlist Bypass via Wrapper Injection in OpenClaw

#security #cve #cybersecurity #ghsa
Comments
2 min read
loading...