
4 matches found

ATTACKERKB
added 2026/06/05 5:53 p.m. | 4 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

CVSS 8 | AI score 5.5 | EPSS 0.00127
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/05/07 6:49 p.m. | 8 views

CVE-2026-42239

Budibase (backend-core, budibase:auth cookie) is affected prior to version 3.35.10. The issue is that the budibase:auth cookie is set HTTPOnly: false, lacks secure: true and sameSite, allowing access to the JWT session token via document.cookie. This enables any XSS to escalate to full account ta...

CVSS 8.1 | AI score 5.8 | EPSS 0.00283
Exploits: 1 | References: 2 | Affected Software: 1
Packet Storm News
added 2025/07/21 12:0 a.m. | 3 views

AIBOX Cross Site Scripting

AIBOX is a web application for exploring AI consulting and trying out multiple LLMs. It allows users to chat with various LLMs. A reflected cross-site scripting (XSS) vulnerability exists in the chat component, which could lead to JWT token theft and remote account hijacking...

CVSS 6.5 | AI score 5.9 | EPSS 0.00339
Exploits: 1
CNNVD
added 2023/11/20 12:0 a.m. | 4 views

next-auth security vulnerability

next-auth is the complete open source authentication solution for Next.js applications. A security vulnerability exists in versions of next-auth prior to 4.24.5, which stems from an attacker being able to obtain a NextAuth.js-issued JWT from an interrupted OAuth login process status, PKCE, or...

CVSS 5.3 | AI score 6.9 | EPSS 0.007
Exploits: 0 | References: 6