CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

PT-2026-49031

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An issue in message.action forwarding allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept...

PT-2026-48998

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An information disclosure issue exists in the AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown is populated using the AuthKey.user id...

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

USN-8425-1 libnginx-mod-js vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds

SSH message fields were decoded through allocation-first parsers before field-specific bounds Summary Several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH pe...

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

UBUNTU-CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

Server-Side Request Forgery (SSRF)

Papra is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of redirect destinations in the webhook delivery system, which allows an attacker to bypass SSRF protections and force the server to make requests to internal network addresses through...

CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

MAL-2026-5647 Malicious code in ts-ecro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37901692194f47c987610aab18ef37d4361e8ab01efd1a8008876920dd8b8aa2 Package is published as 'ts-ecro' but ships a verbatim copy of big.js v7.0.1 with the original author's copyright, email, and GitHub repository URL —...

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

CVE-2026-53901

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

EUVD-2026-36216

Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add handler attempted to remove an attacker-supplied id from $params before normalizing the request through massageInput. Because the normalized $input could still contain an id field, a user...

Malicious code in claimora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b785b842f24aeae0e20157784b17a8bff7003e72575ac9a3aa9cbeb550a5c92 claimora impersonates the jsonwebtoken library auth0: package.json sets author to "auth0", points repository at a non-existent...