#vulnerability

CVE-2026-27946: ZITADEL Authorization Bypass: Self-Verification of Email and Phone

ZITADEL Authorization Bypass: Self-Verification of Email and Phone Vulnerability ID: CVE-2026-27946 CVSS Score: 8.2 Published: 2026-02-27 A high-severity authorization bypass vulnerability in ZITADEL allows authenticated users to self-verify their ...

4m ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27734: Docker API Path Traversal in Beszel Agent via Unsanitized Input

Docker API Path Traversal in Beszel Agent via Unsanitized Input Vulnerability ID: CVE-2026-27734 CVSS Score: 6.5 Published: 2026-02-27 A path traversal vulnerability exists in the Beszel server monitoring agent, allowing authenticated users to acce...

34m ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27970: Angular i18n Pipeline: Stored XSS via Malicious ICU Message Attributes

Angular i18n Pipeline: Stored XSS via Malicious ICU Message Attributes Vulnerability ID: CVE-2026-27970 CVSS Score: 7.6 Published: 2026-02-27 A Cross-Site Scripting (XSS) vulnerability exists in the Angular internationalization (i18n) pipeline, spe...

1h ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27638: Actual Budget Sync Authorization Bypass (IDOR)

Actual Budget Sync Authorization Bypass (IDOR) Vulnerability ID: CVE-2026-27638 CVSS Score: 7.1 Published: 2026-02-27 A critical authorization flaw exists in Actual Budget's synchronization server, specifically affecting multi-user deployments. The...

2h ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27449: Unauthenticated Data Exposure via Broken Access Control in Umbraco Engage

Unauthenticated Data Exposure via Broken Access Control in Umbraco Engage Vulnerability ID: CVE-2026-27449 CVSS Score: 7.5 Published: 2026-02-27 A critical access control failure has been identified in Umbraco Engage (formerly uMarketingSuite), spe...

2h ago2 min read

AAbolFazlmp7y0.hashnode.dev

From Client Regex to Server Bug: We Hunted CORS and CSRF

Introduction CORS misconfigurations are everywhere. But spotting the real ones takes more than payloads — it takes understanding the trust model hidden beneath the surface. This is a short story of ho

18h ago4 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27969: Vitess Path Traversal via Backup Manifest Manipulation

Vitess Path Traversal via Backup Manifest Manipulation Vulnerability ID: CVE-2026-27969 CVSS Score: 9.3 Published: 2026-02-27 A critical path traversal vulnerability exists in the Vitess builtinbackupengine component, specifically within the backup...

5h ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2025-54418: CVE-2025-54418: Remote Code Execution in CodeIgniter 4 ImageMagick Handler

CVE-2025-54418: Remote Code Execution in CodeIgniter 4 ImageMagick Handler Vulnerability ID: CVE-2025-54418 CVSS Score: 9.8 Published: 2025-07-28 A critical OS command injection vulnerability exists in the ImageMagick handler of CodeIgniter 4 versi...

6h ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27904: The Infinite Loop of Doom: Unpacking CVE-2026-27904 in Minimatch

The Infinite Loop of Doom: Unpacking CVE-2026-27904 in Minimatch Vulnerability ID: CVE-2026-27904 CVSS Score: 7.5 Published: 2026-02-26 Minimatch, the ubiquitous JavaScript glob matcher that likely powers your entire build pipeline, has a nasty hab...

14h ago2 min read

ABAlon Baradcvereports.hashnode.dev

CVE-2026-27903: Minimatch Mayhem: How Two Asterisks Can Kill Your Node.js Server

Minimatch Mayhem: How Two Asterisks Can Kill Your Node.js Server Vulnerability ID: CVE-2026-27903 CVSS Score: 7.5 Published: 2026-02-26 A high-severity Regular Expression Denial of Service (ReDoS) vulnerability exists in the popular minimatch libra...

14h ago2 min read

Tag feed

Tag feed

#vulnerability

CVE-2026-27946: ZITADEL Authorization Bypass: Self-Verification of Email and Phone

CVE-2026-27734: Docker API Path Traversal in Beszel Agent via Unsanitized Input

CVE-2026-27970: Angular i18n Pipeline: Stored XSS via Malicious ICU Message Attributes

CVE-2026-27638: Actual Budget Sync Authorization Bypass (IDOR)

CVE-2026-27449: Unauthenticated Data Exposure via Broken Access Control in Umbraco Engage

From Client Regex to Server Bug: We Hunted CORS and CSRF

CVE-2026-27969: Vitess Path Traversal via Backup Manifest Manipulation

CVE-2025-54418: CVE-2025-54418: Remote Code Execution in CodeIgniter 4 ImageMagick Handler

CVE-2026-27904: The Infinite Loop of Doom: Unpacking CVE-2026-27904 in Minimatch

CVE-2026-27903: Minimatch Mayhem: How Two Asterisks Can Kill Your Node.js Server

#vulnerability

Search Hashnode

#vulnerability

CVE-2026-27946: ZITADEL Authorization Bypass: Self-Verification of Email and Phone

CVE-2026-27734: Docker API Path Traversal in Beszel Agent via Unsanitized Input

CVE-2026-27970: Angular i18n Pipeline: Stored XSS via Malicious ICU Message Attributes

CVE-2026-27638: Actual Budget Sync Authorization Bypass (IDOR)

CVE-2026-27449: Unauthenticated Data Exposure via Broken Access Control in Umbraco Engage

From Client Regex to Server Bug: We Hunted CORS and CSRF

CVE-2026-27969: Vitess Path Traversal via Backup Manifest Manipulation

CVE-2025-54418: CVE-2025-54418: Remote Code Execution in CodeIgniter 4 ImageMagick Handler

CVE-2026-27904: The Infinite Loop of Doom: Unpacking CVE-2026-27904 in Minimatch

CVE-2026-27903: Minimatch Mayhem: How Two Asterisks Can Kill Your Node.js Server