Overview

  • CHORNY
  • Apache::Session
  • Apache-Session

08 May 2026
Published
08 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 11 hours ago

Fediverse

RE: infosec.exchange/@nyanbinary/1

Oh god...
nvd.nist.gov/vuln/detail/CVE-2

2013
Published 2026-05-08

Edit: Hm, apparently the year-field doesn't actually relate to the date it was reserved, TIL

  • 0
  • 2
  • 0
  • 11h ago

Overview

  • axios
  • axios

24 Apr 2026
Published
27 Apr 2026
Updated

CVSS v3.1
LOW (3.7)
EPSS
0.04%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly produces the safe sequence %00, the charMap entry '%00': '\x00' converts it back to a raw null byte. Primary impact is limited because the standard axios request flow is not affected. This vulnerability is fixed in 1.15.1 and 0.31.1.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Bluesky

🚨 New LOW CVE detected in AWS Lambda 🚨 CVE-2026-42040 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/512 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 2
  • 0
  • 10h ago

Overview

  • axios
  • axios

24 Apr 2026
Published
24 Apr 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.10%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-42044 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/511 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 2
  • 0
  • 10h ago

Overview

  • axios
  • axios

24 Apr 2026
Published
27 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.4)
EPSS
0.04%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-42042 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/510 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 2
  • 0
  • 10h ago

Overview

  • ruby
  • json

20 Mar 2026
Published
23 Mar 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.04%

KEV

Description

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 10 hours ago

Bluesky

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-33210 impacts json in 1 Lambda base image. Details: https://github.com/aws/aws-lambda-base-images/issues/513 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 2
  • 0
  • 10h ago

Overview

  • Google
  • Chrome

28 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

[Vulnerability Information] CVE-2026-7363 About the vulnerability in Google's Chrome: Due to a use-after-free vulnerability in Canvas in Google Chrome, in Chrome prior to 147.0.7727.138 for Linux and ChromeOS,
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Google
  • Chrome

28 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

[Vulnerability Information] CVE-2026-7354 About the vulnerability in Google's Chrome: In versions of Google Chrome prior to 147.0.7727.138, an out-of-bounds read and out-of-bounds write vulnerability exists in Angle.
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Termix-SSH
  • Termix

08 May 2026
Published
08 May 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.07%

KEV

Description

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed via ssh2.Client.exec() on remote managed servers without any sanitization or validation. An authenticated attacker can inject arbitrary OS commands by crafting a malicious container ID, achieving Remote Code Execution on any managed server. This issue has been patched in version 2.1.0.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

⚠️ CRITICAL: CVE-2026-42454 in Termix-SSH (<2.1.0) enables authenticated users to inject OS commands via the containerId parameter, risking remote code execution on managed servers. Patch to 2.1.0 ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • orneryd
  • NornicDB

08 May 2026
Published
08 May 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

NornicDB is a distributed, low-latency graph and vector database with temporal MVCC, offering sub-millisecond HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and the NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

⚠️ CRITICAL: orneryd NornicDB (<1.0.42-hotfix) exposes Bolt server on all LAN interfaces with default admin creds (admin:password). Full DB compromise possible! Upgrade to 1.0.42-hotfix now. CVE-2026-42072 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Google
  • Chrome

28 Apr 2026
Published
29 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

[Vulnerability Information] CVE-2026-7344 About the vulnerability in Google's Chrome: Versions of Google Chrome for Windows prior to 147.0.7727.138 contain a use-after-free vulnerability in Accessibility.
  • 0
  • 0
  • 0
  • 11h ago
Showing 11 to 20 of 48 CVEs