PT-2026-50147
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.7.12
Description: When running in BYONM mode (nodeModulesDir: "manual"), the module resolver fails to validate that a package's resolved entrypoint remains within its directory under node_modules/. A malicious package.json...
CVE-2026-44635
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.ref(col, '->$').key(input) or .at(input) — including type-safe code where the JSON column ...
Vulnerability in the "My Orders" section of the Eastern Presentation Society App
East Presentation Club APP is a convenient hotel booking platform. An override access vulnerability exists in the "My Order" section of Dongcheng Club APP. An attacker can traverse the key fields to obtain sensitive information of other users through packet capture...