11 posts
An unauthenticated path traversal vulnerability in SiYuan ≤ 3.6.1 allows attackers to read arbitrary files from the server via the /appearance/ endpoint, exposing sensitive configuration and system data.
A heap-based buffer overflow in MLX ≤ 0.29.3 allows attackers to trigger memory corruption via crafted NumPy .npy files, potentially leading to denial of service or information disclosure.
An authorization flaw in Discourse allows authenticated non-staff users to issue official warnings to other users by abusing type coercion in the post_actions endpoint.
An authenticated SQL injection vulnerability in Kanboard allows attackers to extract sensitive data such as API tokens and password hashes through the external_id_column parameter in project permissions.
A sensitive data exposure vulnerability in Wekan versions 8.31.0 through 8.33 allows any authenticated user to subscribe to the Meteor DDP publication "notificationUsers" and retrieve sensitive user documents including bcrypt password hashes, login session tokens, and email information due to missing authorization and field projection.
A Remote Code Execution vulnerability in zumba/json-serializer versions prior to 3.2.3 allows attackers to instantiate arbitrary PHP objects using the @type field during deserialization. If a suitable gadget chain exists in the application, this can lead to full Remote Code Execution.
A vulnerability in PyJWT versions prior to 2.12.0 allows JSON Web Tokens containing unknown critical header parameters to be accepted instead of rejected. This issue can lead to authentication bypass or security policy circumvention in applications relying on strict JWT validation.
A critical unauthenticated SQL Injection vulnerability (CVE-2026-31877) affecting Frappe Framework allows attackers to extract sensitive database information through improperly sanitized API parameters. This article provides a proof-of-concept exploit and technical overview.
A user enumeration vulnerability in NocoDB versions up to 0.301.2 allows attackers to determine whether an email address is registered by analyzing responses from the password reset endpoint. This issue may allow attackers to collect valid user accounts for further attacks.
A vulnerability in the WordPress User Registration & Membership plugin allows attackers to bypass authentication by abusing a vulnerable AJAX endpoint. This article demonstrates a proof-of-concept exploit targeting versions 4.1.2 and earlier.