CVE Daily Brief — 2026-07-06
This post contains content not supported on old Reddit. Click here to view the full post
This post contains content not supported on old Reddit. Click here to view the full post
CVE ID: CVE-2026-12250 Severity: HIGH | CVSS Score: 7.9/10
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14689 Severity: MEDIUM | CVSS Score: 6.3/10
A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14685 Severity: LOW | CVSS Score: 3.3/10
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded ye
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14570 Severity: UNKNOWN
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery.
"Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values."
An attacker who collects a modest number o
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14684 Severity: LOW | CVSS Score: 3.3/10
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14695 Severity: HIGH | CVSS Score: 7.3/10
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
This post contains content not supported on old Reddit. Click here to view the full post
CVE ID: CVE-2025-13475 Severity: LOW | CVSS Score: 3.5/10
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.
This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify informa
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-50160 Severity: CRITICAL | CVSS Score: 10/10
Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The global NestJS ValidationPipe is configured without whitelist: true, so extra properties on the request body that are not declared in SaveOnboardingConfigRequest are not stripped and are iterated in the service layer as if they were legitimate InfraConfig entries. Because keys s
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2024-1248 Severity: MEDIUM | CVSS Score: 4.8/10
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.
Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When the
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
This post contains content not supported on old Reddit. Click here to view the full post
CVE ID: CVE-2026-9145 Severity: MEDIUM | CVSS Score: 6.5/10
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() function in versions up to, and including, 1.5.1. The function reads raw_value from Elementor Pro's Form_Record object for upload-type fields and passes it directly to PHP's copy() without validating that the value corresponds to a legitimately uploaded file — when no file is present in $_FILES, raw_value reflects the attacker-controlled POST string. copy(
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
This post contains content not supported on old Reddit. Click here to view the full post
CVE ID: CVE-2025-71342 Severity: HIGH | CVSS Score: 8.1/10
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2025-71343 Severity: HIGH | CVSS Score: 8.1/10
picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-10536 Severity: UNKNOWN
A use-after-free vulnerability exists in libcurl when an application
configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or
CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset(), and
finally terminates the handle with curl_easy_cleanup(). During this final
cleanup phase, libcurl attempts to access and modify an internal structure
that was already freed during the reset operation.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
CVE ID: CVE-2026-14605 Severity: HIGH | CVSS Score: 7.8/10
A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.
This post contains content not supported on old Reddit. Click here to view the full post
CVE ID: CVE-2022-4990 Severity: UNKNOWN
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.
Discussion thread created via CVE Daily tracker. Share your analysis, PoCs, mitigations and detections below.