CVE Reports - DEV Community

CVE Reports

May 5

CVE-2026-42040: CVE-2026-42040: Null Byte Injection via Improper Parameter Serialization in Axios

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-41907: CVE-2026-41907: Out-of-Bounds Write in uuid npm Package via Missing Boundary Checks

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42044: CVE-2026-42044: Invisible JSON Response Tampering via Prototype Pollution Gadget in Axios

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42043: CVE-2026-42043: Axios NO_PROXY Protection Bypass via RFC 1122 Loopback Subnet

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42041: CVE-2026-42041: Prototype Pollution Gadget in Axios Leading to Authentication Bypass

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42042: CVE-2026-42042: XSRF Token Cross-Origin Leakage via Prototype Pollution in Axios

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42035: CVE-2026-42035: Axios Header Injection via Prototype Pollution Gadget

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42033: CVE-2026-42033: Prototype Pollution Gadget Chain in Axios HTTP Client

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42034: CVE-2026-42034: maxBodyLength Bypass in Axios Node.js Stream Transport

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42039: CVE-2026-42039: Uncontrolled Recursion Denial of Service in Axios toFormData

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42038: CVE-2026-42038: Server-Side Request Forgery via Incomplete Hostname Normalization in Axios Proxy Logic

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42037: CVE-2026-42037: CRLF Injection in Axios Multipart Form Data Generation

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

CVE-2026-42036: CVE-2026-42036: maxContentLength Bypass and Resource Exhaustion in Axios

#security #cve #cybersecurity

2 min read

CVE Reports

May 5

GHSA-GXXH-8VCJ-W2MH: Arbitrary File Upload and Stored XSS in mckenziearts/livewire-markdown-editor

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 4

GHSA-FC86-6RV6-2JPM: GHSA-FC86-6RV6-2JPM: Denial of Service via Algorithmic Complexity in webonyx/graphql-php

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 4

GHSA-G27R-R6PH-VF5R: GHSA-G27R-R6PH-VF5R: Authentication Bypass via Policy Hash Truncation in sequoia-git

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 4

GHSA-G38R-8GMR-GHRF: GHSA-G38R-8GMR-GHRF: Malicious Code Execution via build.rs in Rust Crate mysten-metrics

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 4

GHSA-X3H8-JRGH-P8JX: GHSA-X3H8-JRGH-P8JX: Execution Allowlist Bypass in OpenClaw via Heredoc Parsing Discrepancies

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 4

CVE-2026-41326: CVE-2026-41326: Arbitrary File Overwrite in Kata Containers via CopyFile API Symlink Subversion

#security #cve #cybersecurity

2 min read

CVE Reports

May 4

CVE-2026-41358: CVE-2026-41358: Origin Validation Error and Prompt Injection via OpenClaw Slack Integration

#security #cve #cybersecurity

2 min read

CVE Reports

May 4

CVE-2026-24118: CVE-2026-24118: Remote Code Execution via Sandbox Escape in vm2

#security #cve #cybersecurity

2 min read

CVE Reports

May 3

CVE-2020-0796: CVE-2020-0796: Remote Code Execution in Windows SMBv3 (SMBGhost)

#security #cve #cybersecurity

2 min read

CVE Reports

May 3

CVE-2025-60724: CVE-2025-60724: Remote Code Execution via Heap-based Buffer Overflow in Microsoft GDI+

#security #cve #cybersecurity

3 min read

CVE Reports

May 3

CVE-2019-0708: CVE-2019-0708: Unauthenticated Remote Code Execution in Windows Remote Desktop Services (BlueKeep)

#security #cve #cybersecurity

2 min read

CVE Reports

May 3

CVE-2025-21376: CVE-2025-21376: Remote Code Execution in Windows LDAP Implementation via Race Condition Weakness Chain

#security #cve #cybersecurity

2 min read

CVE Reports

May 3

CVE-2025-60704: CVE-2025-60704: Elevation of Privilege via Missing Cryptographic Step in Windows Kerberos S4U (CheckSum)

#security #cve #cybersecurity

2 min read

CVE Reports

May 1

GHSA-RH99-WC69-C255: GHSA-RH99-WC69-C255: CopyFile Policy Subversion via Symlinks in Edgeless Systems Contrast

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

May 1

GHSA-MQQ7-WXX5-MP8H: GHSA-MQQ7-WXX5-MP8H: Unauthorized Method Invocation in PrestaShop Checkout

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 30

GHSA-83HF-93M4-RGWQ: CVE-2026-42254: Cross-Zone DNS Cache Poisoning in Hickory DNS Recursor

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 30

GHSA-28XX-PPPM-VQFF: GHSA-28xx-pppm-vqff: Silent Data Loss via Uncommitted Transactions in ydb-go-sdk

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 30

CVE-2026-31431: CVE-2026-31431: Local Privilege Escalation via Page Cache Corruption in Linux Kernel AF_ALG

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 30

CVE-2026-41680: CVE-2026-41680: Denial of Service via Infinite Recursion in marked Lexer

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 30

GHSA-84G5-X8J3-7235: GHSA-84G5-X8J3-7235: DNS Filter Bypass via Off-by-one Error in Netfoil Suffix Trie

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 30

GHSA-VJGJ-42F6-7997: GHSA-vjgj-42f6-7997: Protection Mechanism Failure via Incomplete Seccomp Sandbox in Netfoil

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 29

GHSA-GFG9-5357-HV4C: GHSA-GFG9-5357-HV4C: Local File Read via Unsandboxed Audio Embedding in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 29

GHSA-C28G-VH7M-FM7V: GHSA-C28G-VH7M-FM7V: Improper Authorization and Privilege Escalation in OpenClaw Command Resolution

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 29

CVE-2026-40897: CVE-2026-40897: Remote Code Execution via Array Property Modification in mathjs

#security #cve #cybersecurity

1

2 min read

CVE Reports

Apr 28

GHSA-74M3-9QVM-RP9H: GHSA-74M3-9QVM-RP9H: Arbitrary Host Filesystem Access via Symlink Following in zrok WebDAV

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 28

CVE-2026-3008: CVE-2026-3008: Format String Injection in Notepad++ Localization Parser

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 28

GHSA-WG4G-395P-MQV3: GHSA-WG4G-395P-MQV3: Cleartext Logging of Sensitive Tool-Call Arguments in n8n-mcp

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 27

GHSA-X2QX-6953-8485: GHSA-x2qx-6953-8485: Argument Injection via Insecure Transformation in GitPython

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 27

GHSA-RPM5-65CW-6HJ4: GHSA-RPM5-65CW-6HJ4: Command Injection via Git Options Bypass in GitPython

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-2XCP-X87W-Q377: GHSA-2xcp-x87w-q377: Incorrect Authorization Bypass via Templated Hook Mappings in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-V8QF-FR4G-28P2: CVE-2026-41908: Scope Enforcement Bypass in OpenClaw Assistant Media Route

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 26

GHSA-72Q8-JCMC-97WX: GHSA-72Q8-JCMC-97WX: Authorization Bypass in openclaw via Feishu Chat Misclassification

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-HXVM-XJVF-93F3: GHSA-HXVM-XJVF-93F3: Arbitrary Code Execution via Insecure Environment Variable Loading in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-57R2-H2WJ-G887: GHSA-57R2-H2WJ-G887: Trust Boundary Violation in OpenClaw Isolated Cron Awareness Events

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-MJ59-H3Q9-GHFH: GHSA-MJ59-H3Q9-GHFH: Arbitrary Code Execution via Environment Variable Injection in OpenClaw MCP Servers

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-C4QG-J8JG-42Q5: GHSA-C4QG-J8JG-42Q5: Server-Side Request Forgery in OpenClaw QQBot Extension

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-XRQ9-JM7V-G9H7: CVE-2026-41909: Incorrect Authorization in OpenClaw Device Pairing

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 26

GHSA-J4C5-89F5-F3PM: GHSA-j4c5-89f5-f3pm: Server-Side Request Forgery via CDP Profile Configuration in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-H2VW-PH2C-JVWF: GHSA-H2VW-PH2C-JVWF: Credential Exfiltration via Environment Variable Injection in OpenClaw

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-QRP5-GFW2-GXV4: GHSA-QRP5-GFW2-GXV4: Security Policy Bypass in OpenClaw via Bundled MCP/LSP Tools

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 26

GHSA-7JM2-G593-4QRC: GHSA-7jm2-g593-4qrc: Unauthorized Configuration Mutation in OpenClaw Agent Gateway

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 25

CVE-2026-6553: CVE-2026-6553: Cleartext Password Exposure in TYPO3 CMS Backend User Settings

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 25

GHSA-RRJR-V56M-WW88: GHSA-RRJR-V56M-WW88: Stack Exhaustion Denial of Service in ParquetSharp DecimalConverter

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 25

CVE-2026-41325: CVE-2026-41325: Authorization Bypass via Blueprint Injection in Kirby CMS

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 25

CVE-2026-41485: CVE-2026-41485: Denial of Service in Kyverno via Unchecked Type Assertion in Mutation Engine

#security #cve #cybersecurity

2 min read

CVE Reports

Apr 25

GHSA-39H7-PWV7-RC3X: GHSA-39H7-PWV7-RC3X: DOM-based XSS in Excalidraw via Mermaid Diagram Rendering

#security #cve #cybersecurity #ghsa

2 min read

CVE Reports

Apr 24

GHSA-H829-5CG7-6HFF: GHSA-H829-5CG7-6HFF: Improper Tag Signature Verification in Gitverify

#security #cve #cybersecurity #ghsa

2 min read

One Year Club