Skip to main content
CVE-2026-12566 LOW POC PATCH GHSA Monitor

Authentication token leakage in Black Lantern Security's bbot docker_pull module exposes Docker credentials to MITM attackers who can substitute the realm parameter in a forged WWW-Authenticate Bearer challenge. When bbot contacts a Docker registry and receives a 401 response, the vulnerable module blindly trusts the attacker-supplied realm URL and forwards authentication material to an arbitrary endpoint outside the legitimate registry domain. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but an upstream patch commit is available on GitHub.

SSRF Docker Bbot
NVD GitHub
CVSS 3.1
3.1
EPSS
0.2%
CVE-2026-12567 LOW POC PATCH GHSA Monitor

Symlink-following path traversal in BBOT's github_workflows module (all versions prior to commit 16d9c42b6) allows a local attacker sharing the scan output directory to redirect workflow artifact writes to an attacker-chosen filesystem location. By planting a symlink at the predictable output path (output_dir/owner/repo) before a scan runs, the attacker causes BBOT to write GitHub workflow data outside the intended directory, achieving a limited file-write primitive. No public exploit is identified at time of analysis, and CVSS rates this Low (2.2) reflecting the high-complexity, local-only, victim-triggered attack surface.

Information Disclosure Bbot
NVD GitHub
CVSS 3.1
2.2
EPSS
0.1%
CVE-2026-11525 LOW PATCH GHSA Monitor

SameSite attribute parsing in undici's cookie implementation uses substring matching instead of the case-insensitive exact match required by RFC 6265, enabling a malicious or non-compliant upstream server to silently downgrade a cookie's SameSite enforcement to a more permissive value. All undici installations from v5.15.0 onward through the unpatched release branches are affected when consuming Set-Cookie headers via undici's fetch or proxy code paths and forwarding or relying on the parsed sameSite attribute. No public exploit has been identified and no CISA KEV listing exists at time of analysis; however, the integrity impact is concrete in architectures where SameSite policy enforcement is delegated to the parsed cookie attribute.

Information Disclosure Undici
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-6733 LOW PATCH GHSA Monitor

Response queue poisoning in Undici's HTTP/1.1 client allows an attacker-controlled or compromised upstream server to inject unsolicited HTTP responses onto idle keep-alive sockets, causing subsequent outbound requests to receive falsified responses. All Undici versions across the v6, v7, and v8 branches prior to the patched releases are affected when keep-alive connection reuse is active (the default). While the CVSS score is low (3.7) and no public exploit or KEV listing exists, the integrity impact can carry significant business logic consequences in applications that proxy requests through third-party or partially trusted upstream servers.

Code Injection Undici
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-0057 LOW Monitor

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Information Disclosure
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-12458 LOW PATCH Monitor

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Microsoft Office
NVD VulDB
CVSS 3.1
3.1
EPSS
0.3%
CVE-2026-39199 LOW Monitor

Out-of-bounds write in snes9x 1.63's UPS patch file parser allows a crafted .ups ROM patch file to trigger memory corruption and a denial-of-service crash. The flaw resides in the ReadUPSPatch loop in memmap.cpp, where the loop iterator `relative` was not bounded against CMemory::MAX_ROM_SIZE, permitting writes past the end of the allocated ROM buffer. Impact is limited to availability (crash) per the CVSS vector, though the underlying CWE-787 out-of-bounds write class carries broader memory-safety implications. No public exploit identified at time of analysis, and CVSS rates this Low (2.9) due to local attack vector and high complexity.

Denial Of Service Memory Corruption Buffer Overflow Snes9X
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.1%
CVE-2026-54327 LOW PATCH GHSA Monitor

Credential disclosure in Pi coding agent affects all versions of @mariozechner/pi-coding-agent (>=0.28.0, <=0.73.1) and @earendil-works/pi-coding-agent (>=0.74.0, <0.78.1) due to a TOCTOU race condition in auth.json file writes. The credential storage code wrote auth.json with umask-inherited permissions and only subsequently tightened the mode to owner-only, leaving a brief window in which a local user with directory traverse access could read API keys, OAuth access tokens, and OAuth refresh tokens. This is not remotely exploitable; no public exploit identified at time of analysis, and the vendor CVSS of 2.2 reflects the strict local and timing prerequisites.

Crowdstrike Information Disclosure
NVD GitHub
CVSS 3.1
2.2
EPSS
0.1%
CVE-2026-50268 LOW PATCH GHSA Monitor

Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0 silently downgrades RSA encryption from OAEP to PKCS#1 v1.5 when operators explicitly configure `encrypt:rsa:algorithm=OAEP`. The root cause is an incorrect BouncyCastle transformation string in `RsaKeyStoreDecryptor.cs` - the `OAEP` branch passed `"RSA/ECB/PKCS1"` to `CipherUtilities.GetCipher()` instead of the correct `"RSA/NONE/OAEPWithSHA1AndMGF1Padding"`, meaning both the `OAEP` and `DEFAULT` settings silently selected the same weaker algorithm. No public exploit is identified at time of analysis, and CVSS scores this at 1.9 (Low) given the high-privilege local attack vector; however, the security consequence is a cryptographic guarantee failure that exposes encrypted configuration secrets to Bleichenbacher-class padding oracle attacks that OAEP was chosen to prevent.

Information Disclosure Steeltoe Configuration Encryption
NVD GitHub
CVSS 3.1
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy