2278288 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...
flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf
Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...
WeasyPrint has CSS Injection via Presentational Hints
Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...
OpenRemote read-only asset users can write predicted datapoints
Summary The predicted datapoint write endpoint allows users with only read:assets privileges to write predicted datapoints. The endpoint: text PUT /api/realm/asset/predicted/assetId/attributeName accepts write requests from users lacking write:assets. The implementation appears to check READASSET...
Formie Hidden field defaults vulnerable to Server-Side Template Injection
Summary Formie Hidden fields could evaluate request-derived values as Twig during front-end form rendering. When a Hidden field used a dynamic default value such as HTTP User Agent, Referer URL, Current URL, Query Parameter, or Cookie Value, the value was copied from the incoming request and late...
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...
CVE-2026-59152
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...
Is Your AppSec Program Built to Close the OWASP Top 10 2025 Coverage Gap?
Key Takeaways Most AppSec programs treat API-layer coverage as a DAST extension, but BOLA, BFLA, and SSRF require authenticated multi-role testing that traditional scanners weren’t built to run at scale. Modern authentication flows OAuth2, JWT validation, MFA-protected sessions often fall outside...
CVE-2026-59152 Arbitrary server-side file read in LangSmith SDK TracingMiddleware
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...
CVE-2026-59152
The LangSmith Client SDKs’ TracingMiddleware had a vulnerability before version 0.8.18 where an HTTP request to a server running TracingMiddleware could trigger reading an arbitrary file from the server’s filesystem and uploading it to LangSmith as a trace attachment. This enables a trust-boundar...
CVE-2026-59152
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...
EUVD-2026-41879
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...
Exploit for Incorrect Behavior Order: Authorization Before Parsing and Canonicalization in Apache Camel
camel-platform-http-main Authentication Bypass on Non-Root Con...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identit...
Exploit for Path Traversal in Adobe Coldfusion
CVE-2026-48282-POC CVE-2026-48282 is a path traversal...
Exploit for Path Traversal in Adobe Coldfusion
CVE-2026-48282-POC CVE-2026-48282 is a path traversal...
Exploit for Improper Use of Validation Framework in Apache Camel
camel-mail Header Injection → RCE Vulnerability Reproducer CV...
web-security-research
Web Application Security Research - SQL Injection & XSS Comparat...