๐จ CVE-2026-29045
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.
๐@cveNotify
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.
๐@cveNotify
GitHub
Merge commit from fork ยท honojs/hono@6a0607a
* fix(serve-static): replace decodeURIComponent with tryDecodeURI to prevent auth bypass
Co-authored-by: Taku Amano <taku@taaas.jp>
* fix(serve-static): replace decodeURIComponent wi...
Co-authored-by: Taku Amano <taku@taaas.jp>
* fix(serve-static): replace decodeURIComponent wi...
๐จ CVE-2026-29085
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
๐@cveNotify
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
๐@cveNotify
GitHub
Merge commit from fork ยท honojs/hono@f4123ed
* fix: sse event must not contain \r or \n
* fix: improve error message
* fix: improve error message
๐จ CVE-2026-29086
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
๐@cveNotify
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
๐@cveNotify
GitHub
Merge commit from fork ยท honojs/hono@44ae0c8
Web framework built on Web Standards. Contribute to honojs/hono development by creating an account on GitHub.
๐จ CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
๐@cveNotify
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.
๐@cveNotify
๐จ CVE-2025-63911
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.
๐@cveNotify
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.
๐@cveNotify
Gist
CVE-2025-63911 - Cohesity TranZman CLISH Command Injection
CVE-2025-63911 - Cohesity TranZman CLISH Command Injection - CVE-2025-63911.md
๐จ CVE-2025-63912
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials.
๐@cveNotify
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials.
๐@cveNotify
Gist
CVE-2025-63912 - Cohesity TranZman Weak Cryptography (Static XOR)
CVE-2025-63912 - Cohesity TranZman Weak Cryptography (Static XOR) - CVE-2025-63912.md
๐จ CVE-2025-67840
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). The appliance directly concatenates user-controlled parameters into system commands without sufficient sanitisation, allowing an authenticated admin user to inject and execute arbitrary OS commands with root privileges. An attacker can intercept legitimate requests (e.g. during job creation or execution) using a proxy and modify parameters to include shell metacharacters, achieving remote code execution on the appliance. This completely bypasses the intended CLISH restricted shell confinement and results in full system compromise. The vulnerabilities persist in Release 4.0 Build 14614 including the latest patch (as of the time of testing) TZM_1757588060_SEP2025_FULL.depot.
๐@cveNotify
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4.0 Build 14614 through TZM_1757588060_SEP2025_FULL.depot web application API endpoints (including Scheduler and Actions pages). The appliance directly concatenates user-controlled parameters into system commands without sufficient sanitisation, allowing an authenticated admin user to inject and execute arbitrary OS commands with root privileges. An attacker can intercept legitimate requests (e.g. during job creation or execution) using a proxy and modify parameters to include shell metacharacters, achieving remote code execution on the appliance. This completely bypasses the intended CLISH restricted shell confinement and results in full system compromise. The vulnerabilities persist in Release 4.0 Build 14614 including the latest patch (as of the time of testing) TZM_1757588060_SEP2025_FULL.depot.
๐@cveNotify
Cohesity
AI-powered data security and management | Cohesity
Cohesity gives you both data security and data management. Defend against ransomware with immutable backup, AI-based early threat detection, and rapid data recovery.
๐จ CVE-2026-3194
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
GitHub
GitHub - Danimlzg/chia-rpc-auth-bypass: Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remoteโฆ
Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remote fund theft + seed extraction via RPC. - Danimlzg/chia-rpc-auth-bypass
๐จ CVE-2026-24005
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue.
๐@cveNotify
Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with PodProbeMarker creation permission can specify arbitrary Host values to trigger SSRF from the node, perform port scanning, and receive response feedback through NodePodProbe status messages. Versions 1.8.3 and 1.7.5 patch the issue.
๐@cveNotify
GitHub
restrict host field in probe (#2309) ยท openkruise/kruise@94364b7
Signed-off-by: ๅฎ่พฐ <shouchen.zz@alibaba-inc.com>
๐จ CVE-2019-25434
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
๐@cveNotify
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
๐@cveNotify
Nsauditor
Network Security Auditing Tools | Nsauditor
Discover powerful network security auditing software for administrators. Nsauditor provides tools for product key recovery, password recovery, and network inventory.
๐จ CVE-2026-3192
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
GitHub
GitHub - Danimlzg/chia-rpc-auth-bypass: Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remoteโฆ
Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remote fund theft + seed extraction via RPC. - Danimlzg/chia-rpc-auth-bypass
๐จ CVE-2026-3193
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
๐@cveNotify
GitHub
GitHub - Danimlzg/chia-rpc-auth-bypass: Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remoteโฆ
Chia Network RPC - Authentication Bypass, CSRF, and Master Passphrase Lock Bypass. Remote fund theft + seed extraction via RPC. - Danimlzg/chia-rpc-auth-bypass
๐จ CVE-2026-3395
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.
๐@cveNotify
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.
๐@cveNotify
GitHub
GitHub - maxsite/cms: MaxSite CMS. Free CMS for your website. Smart alternative to WordPress
MaxSite CMS. Free CMS for your website. Smart alternative to WordPress - maxsite/cms
๐จ CVE-2025-15597
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure.
๐@cveNotify
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure.
๐@cveNotify
GitHub
GitHub - dataease/SQLBot: ๐ฅ ๅบไบๅคงๆจกๅๅ RAG ็ๆบ่ฝ้ฎๆฐ็ณป็ป๏ผๅฏน่ฏๅผๆฐๆฎๅๆ็ฅๅจใText-to-SQL Generation via LLMs using RAG.
๐ฅ ๅบไบๅคงๆจกๅๅ RAG ็ๆบ่ฝ้ฎๆฐ็ณป็ป๏ผๅฏน่ฏๅผๆฐๆฎๅๆ็ฅๅจใText-to-SQL Generation via LLMs using RAG. - dataease/SQLBot
๐จ CVE-2026-29121
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.
๐@cveNotify
International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.
๐@cveNotify
gtfobins.org
ip | GTFOBins
Living off the land using "ip".
๐จ CVE-2026-3386
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
0122/i1219/repro at main ยท oneafter/0122
Contribute to oneafter/0122 development by creating an account on GitHub.
๐จ CVE-2026-3387
A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
0122/i1220/repro at main ยท oneafter/0122
Contribute to oneafter/0122 development by creating an account on GitHub.
๐จ CVE-2026-3388
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
[Bug] Stack-overflow in SQCompiler::Factor parsing deep unary expressions ยท Issue #312 ยท albertodemichelis/squirrel
Description We discovered a Stack-overflow vulnerability in the Squirrel compiler. The crash occurs when parsing a script containing a deeply nested sequence of unary operators (e.g., !!!!!!...). T...
๐จ CVE-2026-3389
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
[Bug] NULL Pointer Dereference (WRITE) in sqstd_rex_newnode during regex compilation ยท Issue #314 ยท albertodemichelis/squirrel
Description We discovered a Segmentation Fault in the Squirrel standard library (regex module). The crash occurs in sqstd_rex_newnode when compiling a specifically crafted regular expression. The A...
๐จ CVE-2026-3390
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
GitHub - FascinatedBox/lily: Interpreted language focused on expressiveness and type safety.
Interpreted language focused on expressiveness and type safety. - FascinatedBox/lily
๐จ CVE-2026-3394
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local position. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local position. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
GitHub - jarikomppa/soloud: Free, easy, portable audio engine for games
Free, easy, portable audio engine for games. Contribute to jarikomppa/soloud development by creating an account on GitHub.