CVE-2026-41067

Summary: CVE-2026-41067 affects Astro’s SSR pipeline, where defineScriptVars sanitizes inline script values using a case-sensitive //g regex. This fails to match closing script tags when payloads use case variants (e.g., ), whitespace before > (), or self-closing forms (), allowing injected HT...

EUVD-2026-25573

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

GHSA-QC5P-3MG5-9FH8 Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the value function in src/Toolkit/Xml.php. An attacker can smuggle raw XML markup into generated output by supplying a string that begins with - GitHub Commit - Maintainer's Advisory Credit: dapatrese...

PT-2026-35054

Name of the Vulnerable Software and Affected Versions Zserio versions prior to 2.18.1 Description Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading ...

📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter

This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...

📄 NLTK 3.9.2 Path Traversal / File Disclosure

NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 10.0.5 contained security vulnerabilities; these vulnerabilities stemmed from incorrect status codes returned when processing the if-match header, which could lead to static resource caching erro...

zserio 安全漏洞

Zserio is an open-source framework for efficiently serializing structured data by Navigation Data Standard e.V. Versions of Zserio prior to 2.18.1 contained a security vulnerability. This vulnerability stemmed from the ability of a specially crafted payload to forcibly allocate up to 16 GB of...

Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)

"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

PT-2026-35079

Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Improper verification of cryptographic signature uniqueness in delegated role validation allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a...

Amazon tough 数据伪造问题漏洞

Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from the lack of expiration, hashing, and length checks in the delegated metadata validation process...

Astro 跨站脚本漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of case-sensitive regular expressions in the defineScriptVars function, which cleaned and injected...

Astro 代码问题漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 13.1.10 had code vulnerabilities. These vulnerabilities stemmed from the use of default redirection behavior in fetch calls, which could allow Cloudflare Workers to bypass domain whitelist checks...

Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources

Summary A critical Broken Access Control vulnerability was identified in the ActionsController of the Avo framework v3.x. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of Avo::BaseAction on any resource, even if the action is not registered fo...

CVE-2026-41279

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted no auth and accepts a credentialId directly in the request body. When called without a chatflowId, th...

CVE-2026-41239

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the invokefunction process. An attacker can execute arbitrary PHP code by sending specially crafted requests to the index.php endpoint with malicious function parameters. Remediation...