|
I'm a Cybersecurity Analyst and Threat Intelligence Specialist with hands-on experience in offensive security, threat hunting, and vulnerability research.
|
|
CVE-2026-23950 – Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
Component: node-tar
Affected Versions: ≤ v7.5.3
CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Severity: HIGH (CVSS 8.8)
Disclosure Date: 2026-01-19
Current Status:PATCHED&DISCLOSEDReferences
CVE-2026-29091 – locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
Component: locutus
Affected Versions: ≤ 2.0.39
CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (CVSS 8.1)
Disclosure Date: 2026-03-04
Current Status:PATCHED&DISCLOSEDReferences
CVE-2026-33487 – validateSignature Loop Variable Capture Signature Bypass in goxmldsig
Component: goxmldsig
Affected Versions: ≤ 1.5.9 CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH (CVSS 7.5)
Disclosure Date: 2026-03-18
Current Status:PATCHED&DISCLOSEDReferences
CVE-2026-33242 – Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
Component: salvo
Affected Versions: >= 0.39.0 AND <= 0.89.2
CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH (CVSS 7.5)
Disclosure Date: 2026-03-19
Current Status:PATCHED&DISCLOSEDReferences
