GHSA-XW36-67F8-339X SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering

Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the WebSocket message handler in kernel/server/serve.go. An attacker can crash the kernel process and disrupt service availability by sending malformed JSON over an unauthenticated...

SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...

GHSA-3G9H-9HP4-654V SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...

GHSA-5HMJ-JCGP-6HFF Parse Server leaks protected fields via LiveQuery afterEvent trigger

Impact When a Parse.Cloud.afterLiveQueryEvent trigger is registered for a class, the LiveQuery server leaks protected fields and authData to all subscribers of that class. Fields configured as protected via Class-Level Permissions protectedFields are included in LiveQuery event payloads for all...

OPENSUSE-SU-2026:20392-1 Security update for python-Authlib

This update for python-Authlib fixes the following issues: Changes in python-Authlib: - CVE-2026-27962: JWS deserializecompact allows for signature bypass by accepting user-controlled embedded JWK as verification key bsc1259738 - CVE-2026-28490: cryptographic padding oracle in JWE RSA15 key...

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectElement.innerHTML method. An attacker...

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

GHSA-C8RR-9GXC-JPRV UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

Summary ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent parameter and the nested depth of the input exceeds INT32MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow...

github.com/buger/jsonparser has a denial of service vulnerability

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

EUVD-2025-208825

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

CVE-2025-41258

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

CVE-2026-33265

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...

CVE-2026-33265

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...

CVE-2026-33265

The vulnerability CVE-2026-33265 affects LibreChat 0.8.1-rc2, where a logged-in user can obtain a JWT for both the LibreChat API and the RAG API. The connected documents confirm the affected product and the exact outcome (JWTs issued to an authenticated user), but they do not provide root cause d...

CVE-2025-41258

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

EUVD-2026-12795

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...