Blog - Page 9 of 21 - Threat-Modeling.com

SolarWinds Serv-U and Web Help Desk Denial of Service (CVE-2026-28318, CVE-2026-28299): Unauthenticated Service Crash via Crafted Requests

June 4, 2026 by nick

Two denial-of-service vulnerabilities have been disclosed in SolarWinds products, tracked as CVE-2026-28318 and CVE-2026-28299. Both allow unauthenticated attackers to crash services through specially crafted requests. … Read More

FOSSBilling Password Reset Token Exposure (CVE-2026-43926): Reset Confirmation Endpoint Leaks Token Hash

June 4, 2026 by nick

A vulnerability in FOSSBilling, the open-source billing and client management system, tracked as CVE-2026-43926, exposes password reset tokens through the confirmation endpoint at /client/reset-password-confirm/:hash. Versions … Read More

Perl Cpanel::JSON::XS Type Confusion (CVE-2026-9334): Duplicate Object Keys Bypass Validation When dupkeys_as_arrayref Is Enabled

June 4, 2026 by nick

A type confusion vulnerability in the Perl Cpanel::JSON::XS module, tracked as CVE-2026-9334, allows attackers to bypass JSON validation when dupkeys_as_arrayref is enabled. Versions before 4.41 … Read More

React Router Remote Code Execution and SSRF (CVE-2026-42211, CVE-2026-42342): Critical Framework Vulnerabilities Affecting React Applications

June 4, 2026 by nick

Two critical vulnerabilities have been disclosed in React Router, the standard routing library for React applications used by millions of projects, tracked as CVE-2026-42211 (CVSS … Read More

Go x509 Certificate Hostname Verification Vulnerability (CVE-2026-27145): Wildcard Matching via SAN Loop Causes Incorrect Validation

June 4, 2026 by nick

A vulnerability in Go’s x509 certificate verification, tracked as CVE-2026-27145, causes incorrect hostname validation when a certificate contains multiple DNS Subject Alternative Name (SAN) entries. … Read More

AIOHTTP Cookie Leakage on Redirect (CVE-2026-47265): Cookies Sent to Redirected Domains in Python Async HTTP Client

June 4, 2026 by nick

A vulnerability in AIOHTTP, the popular asynchronous HTTP client/server framework for Python, tracked as CVE-2026-47265 (CVSS 7.5 High), causes cookies set with the cookies parameter … Read More

elixir-mint HTTP Request Smuggling and CRLF Injection (CVE-2026-48861, CVE-2026-49753): Critical Web Security Flaws in Elixir HTTP Client

June 4, 2026 by nick

Two critical web security vulnerabilities have been disclosed in elixir-mint, the HTTP client library for the Elixir programming language, tracked as CVE-2026-48861 (CVSS 9.1 Critical) … Read More

MISP Threat Intelligence Platform Vulnerabilities (CVE-2026-10868, CVE-2026-10864, CVE-2026-10861): Mass Assignment, Information Disclosure, and Open Redirect

June 4, 2026 by nick

Three vulnerabilities have been disclosed in MISP, the widely deployed open-source threat intelligence sharing platform, tracked as CVE-2026-10868 (CVSS 9.8 Critical), CVE-2026-10864 (CVSS 7.5 High), … Read More

LibreChat MCP and Access Control Vulnerabilities (CVE-2026-32625, CVE-2026-44653, CVE-2026-31942): Environment Variable Injection, Permission Bypass, and IDOR

June 4, 2026 by nick

Three vulnerabilities have been disclosed in LibreChat, the open-source ChatGPT clone supporting multiple AI providers, tracked as CVE-2026-32625 (CVSS 9.8 Critical), CVE-2026-44653 (CVSS 7.5 High), … Read More

morgan HTTP Logger CRLF Injection (CVE-2026-5078): Log Injection via Basic Auth Username in Node.js Middleware

June 4, 2026 by nick

A CRLF injection vulnerability in the morgan HTTP request logger for Node.js, tracked as CVE-2026-5078, allows attackers to inject arbitrary log entries by supplying crafted … Read More

My Latest Threat Modeling Articles

Threat Modeling and Security by Design