546 matches found
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
Dirty-cow-exploit
System Documentation Architecture - Frontend: React 19...
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
EUVD-2026-32624
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
[SECURITY] Fedora 42 Update: coturn-4.11.0-1.fc42
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
Summary Kysely 0.28.12 added a sanitizeStringLiteral call inside DefaultQueryCompiler.visitJSONPathLeg commit 0a602bf, PR 1727 to fix CVE-2026-32763 GHSA-wmrf-hv6w-mr66. The fix only doubles single quotes ' → ''; it does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled...
PT-2026-39902
Name of the Vulnerable Software and Affected Versions Gryph versions prior to 0.7.0 Description Gryph implements logging levels to control content stored in a local sqlite database. The default log level is set to standard, although documentation incorrectly states it is minimal. At both standard...
CoreExploit-Final
CoreExploit 🔐 Ethical Penetration Testing Learning Platfor...
EUVD-2026-27141
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore...
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...
CVE-2026-42238
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
Diesel's SQLite backend has possible UTF-8 corruption
Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...
CVE-2026-42238
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
CVE-2026-42238
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
CVE-2026-42238
Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...
CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...