Latest AppSec news
Security news teams can act on.
New vulnerabilities, incidents, and software security updates with plain context for what to check next.
Latest queue
Recent stories
- simple-git patches RCE via --config option injection`simple-git` blocked `-c` but not `--config`. Attacker-controlled options can set `protocol.ext.allow=always` and trigger `ext::` clone RCE. Fixed in `3.36.0`.
- AWS Ops Wheel fixes JWT signature verification auth bypassAWS Ops Wheel v2 skipped JWT signature verification, letting unauthenticated callers forge admin tokens. Fixed in PR `#164`; redeploy latest.
- Axios fixes NO_PROXY bypass via 127.0.0.0/8 loopback`axios` `shouldBypassProxy()` recognized only `127.0.0.1` as loopback. Attacker-controlled URLs can use `127.0.0.2` to bypass `NO_PROXY`. Fixed in 1.15.1/0.31.1.
- Malicious Bitwarden CLI npm release steals cloud and GitHub secrets`@bitwarden/[email protected]` fetched a Bun runtime, executed a credential-stealing payload, then pivoted through GitHub tokens to propagate via Actions.
- Clerk SDKs fix createRouteMatcher middleware bypass`createRouteMatcher` in `@clerk/nextjs`, `@clerk/nuxt`, `@clerk/astro` can be bypassed by crafted requests. Fixed in 5.7.6/6.39.2/7.2.1 and corresponding Nuxt/Astro/Shared releases.
- Dgraph patches pre-auth DQL injection via upsert cond`dgraph` `< 25.3.3` lets unauthenticated clients inject DQL via upsert `cond`, turning a mutation into full-database reads. CVSS 9.1.
- Electerm patches install-time command injection on Linux`electerm` `runLinux()` builds an `exec("rm -rf ...")` string with attacker-controlled remote version data. Affected `< 3.3.8`. CVSS 9.8.
- Kyverno patches ServiceAccount token leak via apiCallKyverno `ClusterPolicy` `apiCall` can attach the admission controller ServiceAccount token to arbitrary outbound HTTP requests. Fixed in `1.16.4` and `1.17.2-rc1`.
- OBI fixes privileged Java agent TMPDIR host file overwriteOBI Java agent injection trusted workload `TMPDIR`, letting local attackers escape `/proc/<pid>/root` and clobber host files via symlinks. Fixed in `0.8.0`.
- Helix Core flags insecure defaults exposing source code depotsP4 Server `<= 2025.2`: insecure defaults (including built-in `remote` user) enable unauth user creation and depot reads on exposed instances. CVSS 8.8.
More headlines
Keep scanning
- Spring Boot 4.0.x default security silently drops all authorization
- Three delegated-metadata flaws patched in tough and tuftool
- Traefik StripPrefixRegex path desync bypasses ForwardAuth entirely
- Checkmarx KICS supply chain pushes credential-stealing code via Docker and IDE
- Contour patches Lua injection in cookie rewriting policies
- Hackage-server mitigates stored XSS enabling maintainer session hijack
- Mako fixes path traversal arbitrary file read in TemplateLookup
- Patches critical heap corruption in Noir Brillig foreign calls
- Paperclip patches unauthenticated RCE via import authorization bypass
- Patches unauthenticated command execution in rclone RC fsinfo
- LogScale patches unauthenticated path traversal arbitrary file read
- Patches WAF bypass and command injection in MOVEit WAF
- Patches critical dependency vulns across Confluence and Jira
- ERB patches deserialization guard bypass enabling code execution
- Patches SSRF timing side-channel secret leak in GitHub Enterprise Server
- Debian patches opam sandbox escape via .install path traversal
- Patches unauthenticated compromise risk in Oracle HTTP Server
- Command injection in ASUSTOR ADM PPTP VPN client enables RCE
- AWS patches key commitment policy bypass in Encryption SDK for Python
- Claude Code patches symlink sandbox escape enabling arbitrary file writes
- Active exploitation reported for Langflow missing-auth monitoring APIs
- SGLang rerank endpoint enables RCE via malicious GGUF templates
- Patches WebFlux disk exhaustion and cache poisoning in Spring Framework
- Vercel confirms breach via compromised OAuth app
- KodExplorer public share handler vulnerable to path traversal
- Blocklist bypass enables host RCE in terminal-controller MCP
- EditorConfig core library fixes ec_glob stack overflow crash
- Flowise patches unauthenticated RCE in Airtable Agent node
- OAuth email verification bypass enables Nhost account takeover
- EFS CSI Driver fixes mount option injection in Kubernetes
- Patches critical auth bypass in FastGPT password login
- Firebird patches path traversal engine loader enabling code execution
- Hot Chocolate patches stack-overflow DoS in GraphQL parser
- JWT validation bypass in Kafka OAUTHBEARER authentication fixed
- PAC4J patches CSRF token hash-collision bypass
- protobufjs patches schema-driven code generation RCE
- Patches critical Thymeleaf SSTI protection bypass
- Vault fixes token exposure to auth plugin backends
- Injected backdoor in WordPress plugin enables persistent compromise
- YouTrack patches sandbox bypass enabling privileged-user RCE
- Sandbox escape in Cortex Code CLI enables local code execution
- Fastify middie patches child-scope middleware auth bypass
- SAML assertion bypass lets attackers mint Cloud Foundry UAA tokens
- High-severity XXE disclosed across multiple WSO2 products
- Dgraph fixes unauthenticated pprof token leak enabling admin takeover
- Fastify patches Content-Type whitespace schema validation bypass
- Fastify Express plugin patches middleware path-doubling auth bypass
- Fastify proxy plugins patch Connection header security bypass
- Nexus Repository patches hard-coded credential enabling unauthenticated commands
- CI workflow RCE disclosed in OWASP BLT GitHub Actions
- Composer patches Perforce command injection via malicious package metadata
- Jetty patches HTTP request smuggling via chunk extensions
- LDAP disabled-user auth bypass fixed in OpenStack Keystone
- OAuth2 Proxy patches auth_request health-check auth bypass
- Patches critical expression-injection RCE in OpenRemote rules engine
- SQL injection chain enables control-panel RCE in Craft Commerce
- SSRF fixed in Foxit PDF Services API URL handling
- Unauthenticated RCE fixed in Google Agent Development Kit
- jq patches HashDoS CPU exhaustion via hardcoded hash seed
- Kali Forms unauthenticated RCE is under active exploitation
- Keras safe_mode bypass enables code execution via .keras models
- Authenticated settings abuse enables server-side code execution in LibreNMS
- simple-git patches Git option-parsing bypass enabling command execution
- Hex audit reports deserialization RCE risk and CI/CD weaknesses
- Message deserialization XSS in lollms enables session hijack
- Mesa patches WebGPU alloca-sized out-of-bounds access
- Apache Storm patches unsafe deserialization RCE in storm-client
- Adobe patches exploited prototype pollution RCE in Acrobat/Reader
- Command injection yields unauthenticated RCE in aws-mcp-server
- DLL hijacking in EmoCheck enables local code execution
- Gleam fixes git dependency path traversal file overwrite
- GNU tar desync lets archives inject hidden files on extract
- Canvas auth bypass exposes OpenClaw gateway endpoints
- Roundcube fixes pre-auth file write via session deserialization
- Reflected XSS in Rukovoditel CRM enables session compromise
- Arcane patches unauthenticated SSRF in template fetch endpoint
- Axios patches header injection gadget enabling IMDSv2 cloud credential theft
- BuddyPress Groupblog enables Multisite admin escalation via role injection
- Predictable reset tokens enable Chamilo account takeover
- Unauthenticated Cockpit RCE via SSH argument injection
- Juju fixes CloudSpec auth flaw leaking cloud credentials
- Path traversal in SMB CSI driver risks destructive SMB cleanup
- LiteLLM guardrails endpoint sandbox escape enables authenticated RCE
- Log4j fixes TLS hostname verification bypass in <Ssl> config
- Log4j patches XmlLayout XML-sanitization bug causing log loss
- lollms patches stored XSS enabling admin account takeover
- qsort stack corruption in musl risks 32-bit code execution
- OpenClaw patches .npmrc override leading to install-time code execution
- Orthanc fixes DICOM parsing flaws enabling DoS and potential RCE
- PraisonAI patches unauthenticated WebSocket proxy credit drain
- Path traversal in PraisonAI recipe unpack enables file overwrite
- Unauthenticated SSRF in PraisonAI Jobs API via webhook_url
- Zip Slip path traversal fixed in Quarkus OpenAPI Generator
- OIDC login bypass skips TOTP, enabling Vikunja 2FA bypass
- PKCS#7 AES-GCM tag truncation enables auth bypass in wolfSSL
- wolfSSL patches OpenSSL-compat X.509 chain verification bypass
- Auth bypass enables admin takeover in WordPress Azure AD SSO
- Arbitrary file deletion bug impacts wpForo Forum WordPress plugin
- Eavesdrop bypass in xdg-dbus-proxy exposes session bus messages
- Axios patches NO_PROXY normalization bypass enabling SSRF
- CrewAI patches prompt-injection paths to RCE and SSRF
- go-getter patches Git URL injection enabling arbitrary file reads
- Critical ACL bypass fixed in goshs state-changing routes
- Helm patches plugin path traversal enabling arbitrary file writes
- LXD patches backup-import restriction bypass enabling host compromise
- OpenCTI patches notifier-template EJS injection enabling RCE
- SiYuan patches zero-click NTLM hash leak via Mermaid rendering
- Spring Cloud Gateway fixes silent SSL bundle bypass
- Tomcat patches CLIENT_CERT authentication soft-fail bug
- Tomcat patches CBC padding oracle in EncryptInterceptor
- Wasmtime patches Winch compiler sandbox-escaping memory access
- Anthropic launches Project Glasswing with AI model 'too dangerous to release' that found thousands of zero-days
- Patches FTP command injection in basic-ftp path handling
- CI4MS patches install-route re-entry enabling .env overwrite
- Patches unauthenticated GraphQL DoS in GitLab CE/EE
- GitLab patches websocket access-control bug exposing server methods
- Jetty patches JASPI ThreadLocal auth context leak
- Logstash fixes GeoIP update path traversal file write
- Marimo patches pre-auth RCE in terminal WebSocket
- Movable Type security update fixes Listing Framework RCE
- Symlink-following bug in Nix enables root file overwrite
- Unauthenticated file upload enables Quick Playground WordPress RCE
- React patches Server Function DoS in React Server Components
- XWiki patches scripting API sandbox bypass enabling instance takeover
- Botan patches certificate verification bypass via trust anchor confusion
- Decorator ordering disables auth on changedetection.io backup routes
- dbt workflow command injection enables CI runner code execution
- Unauthenticated PHP object injection disclosed in Everest Forms
- Firecracker patches virtio-pci OOB write with host escape risk
- lollms fixes weak JWT signing key enabling admin token forgery
- Patches pre-auth RCE in OpenAM jato.clientSession deserialization
- Rack::Session fixes secretless session cookie forgery fallback
- Strawberry GraphQL patches WebSocket subscription auth bypass
- Transfer-Encoding case mismatch desyncs Tinyproxy, risking backend DoS
- Vite fixes dev-server WebSocket arbitrary file read
- Unauthenticated AJAX enables Users manager privilege escalation via user meta
- Amelia patches externalId IDOR enabling WordPress account takeover
- AWS RES fixes command injection and privilege escalation flaws
- Code Marketplace patches Zip Slip path traversal on VSIX upload
- Dgraph patches unauthenticated restoreTenant admin mutation takeover
- Directus patches concealed-field leaks via aggregate queries
- Pull-through cache bug leaks upstream registry credentials
- GitHub Actions injection enables Emissary repo and release poisoning
- JWT algorithm confusion returns in fast-jwt, enabling auth bypass
- Critical RCE fixed in Kedro logging configuration
- Ninja Forms File Uploads patches unauthenticated arbitrary file upload
- SandboxJS patches critical sandbox escape via global object mutation
- SQL injection bypasses eDirectory admin auth, exposes PHP files
- Laravel File Manager flaw enables authenticated file-upload RCE
- Malicious @not-nemo/crypto-tracker npm releases execute commands
- Unauthenticated RCE disclosed in Pegasus CMS extra_fields plugin
- phpBB Phar upload/deserialization bug enables authenticated remote code execution
- Code injection in premsql followup worker enables code execution
- React2Shell exploitation steals cloud and database secrets from Next.js
- Malicious Strapi plugin packages deliver Redis/Postgres exploitation payloads
- Command injection enables VA MAX remote code execution
- Venueless fixes cross-world user deletion via API isolation bug
- Electron patches context isolation bypass via bridged VideoFrames
- FortiClient EMS hotfixes exploited API auth bypass
- Mobile MCP patches arbitrary Android intent execution via URL schemes
- Malicious PyPI package backdoors installs via remote code download
- ProfilePress patches membership payment bypass via checkout authorization flaw
- AI PR campaign abuses pull_request_target to steal CI secrets
- Athena ODBC driver patched for command injection and OOB write
- Budibase patches stored XSS in Builder command palette
- Patches unauthenticated RCE via Budibase webhook-triggered Bash step
- Patches stored XSS in Exchange Reporter Plus permission report
- FastMCP patches OAuth proxy confused deputy vulnerability
- Kestra patches critical SQL injection RCE in flows search
- LiteLLM patches OIDC cache key collision auth bypass
- MLflow job APIs bypass basic-auth, enabling unauthenticated code execution
- OAuthenticator patches Auth0 email-claim authentication bypass
- Auth bypass grants full MCP tool access in PraisonAI
- Command injection in pymetasploit3 can run arbitrary Metasploit commands
- Signal patches decrypted attachment exfiltration via Intent redirection
- Malicious Strapi npm plugin steals secrets and opens C2
- Malicious `supervisors` PyPI release fetches payload via Solana
- Tornado patches cookie attribute injection in set_cookie validation
- Patches unauthenticated stored XSS in Visitor Traffic Statistics
- vLLM patches OOM DoS via unbounded n parameter
- WCFM patches vendor IDOR enabling cross-store order tampering
- TTS WordPress plugin patches hardcoded telemetry database credentials
- Patches path traversal file deletion in wpForo
- Critical SSRF fixed in Azure Databricks service
- FastMCP patches critical SSRF via OpenAPI path traversal
- Critical insecure deserialization RCE fixed in Group-Office
- OneUptime patches SAML SSO multi-assertion auth bypass
- OneUptime patches unauthenticated workflow execution via ManualAPI
- Perfmatters path traversal enables arbitrary file deletion
- Poetry patches wheel path traversal enabling arbitrary file write
- Pre-auth RCE chain fixed in ShareFile Storage Zones Controller
- Wisp patches multipart parser limit bypass causing DoS
- Weak Auth0-PHP cookie encryption enables session cookie forgery
- Clerk patches SSRF that leaks Clerk-Secret-Key
- Missing JWT signature check enables Convoy SSO user impersonation
- DeerFlow patches host bash sandbox escape enabling command execution
- Signup can grant unauthenticated shell execution in File Browser
- Access check flaw exposes Joomla webservice endpoints
- Critical TLS auth bypass lets attackers join Juju controller database
- llama.cpp discloses unauthenticated RPC RCE via buffer=0 bypass
- Unauthenticated PHP code injection enables MetInfo CMS RCE
- Unauthenticated file move bug risks RCE in MW WP Form
- OpenEXR patches HTJ2K decoder overflow with potential code execution
- Password-reset flaw enables unauthenticated user impersonation in Payload
- Rack patches unbounded chunked multipart uploads causing disk DoS
- User-Agent trick leaks W3 Total Cache fragment security token
- LangChain Core patches path traversal file read in load_prompt
- Lodash fixes code injection in _.template imports
- Critical SQL injection fixed in MikroORM query construction
- OpenClaw patches critical SCP command injection in iMessage staging
- Permissive CORS enables cross-origin Electron RCE in SiYuan
- Malicious axios npm releases drop cross-platform RAT dependency
- MLflow patches model artifact command injection in local deploys
- Unauthenticated MCP endpoint enables remote Nginx takeover
- GitLab fixes Jira Connect credential leak enabling app impersonation
- Scope bug lets OpenClaw mint admin device tokens
- Iceberg REST catalog credentials leak via Trino query JSON
- Predictable session IDs in Perl HTTP::Session enable hijacking
- Bludit fixes authenticated file upload leading to RCE
- Unsafe RMI deserialization in dd-trace-java enables potential RCE
- Flannel patches Extension backend command injection enabling cluster-wide root RCE
- Foreman fixes WebSocket proxy command injection leading to RCE
- Handlebars patches critical AST injection leading to server RCE
- Replication-header injection can permanently brick MinIO S3 objects
- OIDC direct-callback flaw enables OpenBao token theft
- pyLoad patches authenticated SSRF enabling cloud metadata theft
- SOP and sandbox bypasses fixed in WebKitGTK/WPE WebKit
- BuildKit patches file escape via malicious custom frontend
- etcd patches authorization bypass in gRPC APIs
- Incus patches template sandbox bypass enabling host root read/write
- Saloon patches unsafe unserialize enabling PHP object injection
- SpEL injection in Spring AI SimpleVectorStore enables RCE
- High-severity XSS fixed in Hitachi Ops Center Analyzer
- Prototype pollution in n8n nodes can lead to RCE
- Unauthenticated SQL injection fixed in OpenCart product search
- Dagu patches API path traversal after incomplete prior fix
- Critical GitHub Actions shell injection fixed in Langflow workflows
- OIDC JWT confusion fixed in MinIO authentication
- Client-cert chain overflow can crash mod_gnutls servers
- CloneSite bug chain yields unauthenticated RCE in AVideo
- Graphiti patches arbitrary method execution in JSON:API write endpoints
- jsrsasign DSA verification bypass enables X.509 certificate forgery
- Critical SOAP API auth bypass patched in MantisBT on MySQL
- Unauthenticated OS command injection enables RCE in mbCONNECT24
- Tekton git resolver path traversal exposes resolver pod secrets
- Unauthenticated account destruction fixed in WP DSGVO Tools
- CloneSite path traversal enables arbitrary file deletion in AVideo
- ReviewX flaw enables unauthenticated limited remote code execution
- Trivy Docker images 0.69.5/0.69.6 confirmed compromised
- Unauthenticated SQL injection in WP Maps via orderby parameter
- i-doit CMDB arbitrary file download exposes configuration secrets
- libfuse patches io_uring use-after-free and daemon crash bugs
- pyOpenSSL patches DTLS cookie callback buffer overflow
- Malicious Trivy GitHub Actions releases trigger CI secret rotation
- Deno command injection in node:child_process bypasses permission sandbox
- SandboxJS critical sandbox escape to host code execution
- curl leaks OAuth bearer tokens on redirects when using .netrc
- OneUptime synthetic monitors enable probe-side RCE via Playwright
- Budibase webhook query-string trick bypasses all server-side auth
- Budibase patches critical PostgreSQL pg_dump command injection
- Go 1.26.1 and 1.25.8 ship five security fixes across stdlib
- GitHub Copilot CLI shell expansion bypass enables arbitrary code execution
- Pingora fixes critical HTTP request smuggling in HTTP/1.0 parsing
- pac4j-jwt authentication bypass via JWE-wrapped unsigned tokens
- Apache Artemis auth bypass enables message injection via rogue federation
- Zammad 6.5.x critical SQL injection via API endpoints
- Qwik patches unauthenticated RCE in server$ deserialization
- OpenStack Vitrage query-parser flaw enables service-host RCE
- Active exploitation campaign targeting weak GitHub Actions configurations
- Fastify middie patches path normalization auth bypass
- OCaml patches Marshal deserialization buffer over-read enabling RCE
- Hoppscotch patches unauthenticated config takeover on self-hosted instances
- OpenLIT patches critical GitHub Actions pull_request_target secret exposure
- Terraform Linode provider leaks passwords and TLS keys in debug logs
- n8n patches critical expression sandbox escape enabling RCE
- Cline CLI 2.3.0 supply-chain compromise via stolen npm token
- ImageMagick path-policy bypass exposes restricted files
- Apache Superset authorization bypass via dataset SQL overwrite
- Broadcom patches command injection and XSS in VMware Aria Operations
- Anthropic launches Claude Code Security for AI-assisted vulnerability scanning
- Critical Sentry SAML SSO flaw enables account takeover
- node-tar hardlink escape enables arbitrary file read/write
- Strimzi trusts all CAs in multi-CA chain for mTLS authentication
- Jenkins fixes stored XSS in node offline-cause description
- Red Hat ships Important Node.js 20 security update for RHEL 9.4
- npm package ambar-src flagged as malware - no patched version
- OpenSSF flags npm compass-e2e-tests as malicious
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.