WhisperX tag archive

#vulnerability

This page collects WhisperX intelligence signals tagged #vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (20)

The Lab · 2026-03-30 02:26:58 · GitHub Issues

1. OpenBao Secrets Operator Exposed to HTTP/2 CONTINUATION Flood Attack (GO-2024-2687)

A security vulnerability in the OpenBao Secrets Operator's main branch exposes the operator to a resource-exhaustion (denial-of-service) attack. The item labels it critical; the underlying Go advisory GO-2024-2687 (CVE-2023-45288) is rated high severity (CVSS 3.1 base score 7.5) by NVD, and it is a DoS, not code execution. The flaw allows a malicious actor to force an HTTP/2 endpoint to process arbitrary, excessive amounts of header data by bombarding it with CONTINUATION frames. Th...

The Network · 2026-03-05 10:27:03 · ai

2. CVE-2022-29078: Critical Server-Side Template Injection Vulnerability in EJS Library (v3.1.6)

A critical severity vulnerability (CVE-2022-29078) has been identified in the ejs (Embedded JavaScript templates) package version 3.1.6 for Node.js. The vulnerability allows for server-side template injection via the `settings[view options][outputFunctionName]` parameter. This input is incorrectly parsed as an internal...

The Network · 2026-03-05 10:28:55 · ai

3. GitHub Security Issue: Insufficient Input Validation in main.py Allows Paddle Speed Exploit

A security vulnerability has been identified in the main.py file of a software project. The issue involves insufficient input validation for the paddle speed parameter accepted from the command line. The current validation uses a regex pattern that only checks if the input consists of digits, but fails to enforce any r...

The Network · 2026-03-05 10:28:57 · ai

4. Security Vulnerability: Unsanitized Command-Line Input in Paddle Speed Parameter

A security vulnerability has been identified in the main.py file of a project. The application accepts paddle speed directly from sys.argv[1] and attempts to validate it with a regex. This reliance on command-line input for game parameters, even with regex validation, exposes the application to security risks. Command-...

The Network · 2026-03-05 10:43:41 · ai

5. GitHub Issue Exposes Critical Privilege Escalation Vulnerability in System Component

A security vulnerability has been publicly disclosed via a GitHub issue, posing a significant privilege escalation risk. The issue carries a CVSS score of 8.0, which the report labels CRITICAL (under CVSS v3.x an 8.0 base score falls in the High band, 7.0 to 8.9; Critical starts at 9.0), and is categorized under CWE-269 (Improper Privilege Management) and OWASP A01:2021 (Broken Access Control). The flaw resides within an...

The Network · 2026-03-05 10:43:44 · ai

6. Critical Injection Vulnerability in Web_Server Service Exposes Systems to Complete Compromise

A critical security vulnerability has been identified in the 'Web_Server Service'. The flaw, classified as CWE-89 (SQL Injection) and falling under the OWASP A03:2021-Injection category, carries a CVSS score of 9.8, indicating a severe risk. The core issue is that the process does not sanitize user input, making it vul...

The Network · 2026-03-05 12:13:20 · ai

7. OpenBao Secrets Operator HTTP/2 CONTINUATION Flood Vulnerability (GO-2024-2687) - Reachable in Main Branch

A reachable vulnerability has been identified in the openbao/openbao-secrets-operator repository on the main branch. The vulnerability is tracked as GO-2024-2687 (CVE-2023-45288) and is fixed in golang.org/x/net v0.23.0; the same flaw in the standard library was fixed in Go 1.21.9 and 1.22.2. The issue is an HTTP/2 CONTINUATION flood in the HTTP/2 implementation shared by net/http and golang.org/x/net/http2. An attacker can cause an HTTP/2 endpoint to read arbitrary...

The Vault · 2026-03-05 17:12:40 · ai

8. Trade Fracture Analysis: Algeciras (ESALG) 34.2% Throughput Drop and Mediterranean Security

The 34.2% reduction in shipping volumes at Algeciras (ESALG) suggests a systemic rerouting of maritime trade in the Mediterranean, likely catalyzed by the 'Insurance Wall' in the Strait of Hormuz and broader regional instabilities. This issue aims to correlate this throughput drop with NATO trade vulnerability and the ...

The Network · 2026-03-06 01:42:55 · ai

10. Perplexity Comet Browser Vulnerability: Calendar Invites Could Exfiltrate Local User Files

A critical security vulnerability existed in Perplexity's Comet AI browsing agent that allowed attackers to steal local files from users simply by sending them a malicious calendar invite. The flaw, which was present until last month, exploited the browser's handling of certain protocols or file access permissions link...

The Network · 2026-03-06 03:13:10 · ai

11. GitHub Security Issue: SSRF Bypass via Unvalidated Redirects in safe_get() and SafeSession

A high-severity security vulnerability was identified in a codebase's SSRF (Server-Side Request Forgery) protection mechanisms. The functions `safe_get()` and `SafeSession.request()` were found to have a critical flaw when used with the parameter `allow_redirects=True`. While the initial request URL was properly valida...
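The redirect bypass above, as an added example that is not the audited codebase's `safe_get()` or `SafeSession`: a fetcher that validates only the first URL beside one that follows redirects itself and re-validates every hop. The `transport` argument is a stand-in for the real HTTP client (a function from URL to `{status, headers, body}`); the one used here is a constructed in-memory stub, and the host names and responses are made up for the demonstration.

```javascript
// Added example, not the audited project's code. Shows why validating only the
// initial URL is insufficient when the client follows redirects, and the fix:
// follow redirects manually and validate each target.

function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// RFC 1918, loopback, link-local (cloud metadata lives at 169.254.169.254),
// CGNAT and "this network" ranges.
function isPrivateIPv4([a, b]) {
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

// Validate one URL; returns the parsed URL or throws. The WHATWG URL parser
// normalises IPv4 spellings (0x7f000001, 2130706433, 127.1) to dotted quad
// before hostname is read, which closes the usual encoding bypasses.
function validateUrl(input) {
  const u = new URL(input);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`blocked scheme: ${u.protocol}`);
  }
  const host = u.hostname.toLowerCase();
  // IPv6 literals are rejected wholesale here; allow-list them explicitly if needed.
  if (host === "localhost" || host.endsWith(".localhost") || host.startsWith("[")) {
    throw new Error(`blocked host: ${host}`);
  }
  const v4 = parseIPv4(host);
  if (v4 && isPrivateIPv4(v4)) throw new Error(`blocked private address: ${host}`);
  return u;
}

// Bypassable form: the check runs once, then redirects are followed blindly
// (this is what allow_redirects=True does inside a library client).
function safeGetVulnerable(input, transport, maxRedirects = 5) {
  let u = validateUrl(input);
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = transport(u.href);
    if (res.status >= 300 && res.status < 400 && res.headers.location) {
      u = new URL(res.headers.location, u); // new target is never validated
      continue;
    }
    return res;
  }
  throw new Error("too many redirects");
}

// Hardened form: every redirect target (resolved against the current URL, so
// relative Location headers are handled) goes through validateUrl again.
function safeGet(input, transport, maxRedirects = 5) {
  let u = validateUrl(input);
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = transport(u.href);
    if (res.status >= 300 && res.status < 400 && res.headers.location) {
      u = validateUrl(new URL(res.headers.location, u).href);
      continue;
    }
    return res;
  }
  throw new Error("too many redirects");
}

// Constructed stub transport: an attacker-controlled public host that 302s to
// the cloud metadata endpoint. Real code would pass an actual HTTP client here.
const STUB_RESPONSES = {
  "https://attacker.example/start": {
    status: 302,
    headers: { location: "http://169.254.169.254/latest/meta-data/" },
    body: "",
  },
  "http://169.254.169.254/latest/meta-data/": {
    status: 200, headers: {}, body: "iam/ security-credentials/",
  },
  "https://attacker.example/ok": { status: 200, headers: {}, body: "harmless" },
};

function stubTransport(href) {
  const res = STUB_RESPONSES[href];
  if (!res) throw new Error(`stub has no response for ${href}`);
  return res;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", safeGetVulnerable("https://attacker.example/start", stubTransport).body);
  try {
    safeGet("https://attacker.example/start", stubTransport);
  } catch (e) {
    console.log("hardened:", e.message);
  }
}
```

A hostname allow/deny check is still only half the fix: a public name can resolve to a private address (DNS rebinding), so production code must resolve the name, check the resolved addresses, and connect to the address it checked. Redirect hops also need the same per-hop treatment in the real client, which is why the hardened version disables automatic following and loops itself.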

The Network · 2026-03-06 03:13:16 · ai

12. OpenClaw Security Audit Vulnerability: Prototype Pollution Bypass via 'in' Operator in hasExplicitProviderAccountConfig

A security vulnerability has been identified in OpenClaw's security audit system. The helper function `hasExplicitProviderAccountConfig` (located in `src/security/audit-channel.ts`) uses the JavaScript `in` operator to check if a given `accountId` exists within the accounts configuration object. The `in` operator trave...
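The `in`-operator flaw described above, as an added example that is not OpenClaw's code: the prototype-chain-walking check beside an own-property check, run over the account ids an attacker would try. The config shape (accountId mapped to provider settings) and the probe ids are constructed for the demonstration.

```javascript
// Added example, not OpenClaw's audit-channel code. Demonstrates why `in` is
// the wrong membership test for a config object when the key may be
// user-controlled, and the own-property check that replaces it.

// Constructed config: accountId -> provider settings.
const accountsConfig = {
  "acct-primary": { apiKeyRef: "vault://constructed/example" },
};

// Vulnerable form: `in` consults the whole prototype chain, so any property
// name present on Object.prototype (constructor, toString, __proto__,
// hasOwnProperty, ...) is reported as an explicitly configured account.
function hasExplicitProviderAccountConfigVulnerable(accounts, accountId) {
  return accountId in accounts;
}

// Hardened form: only an own property of the config object counts.
// Object.prototype.hasOwnProperty.call (rather than accounts.hasOwnProperty)
// also works when the config shadows hasOwnProperty or was created with
// Object.create(null).
function hasExplicitProviderAccountConfig(accounts, accountId) {
  if (accounts === null || typeof accounts !== "object") return false;
  if (typeof accountId !== "string") return false;
  return Object.prototype.hasOwnProperty.call(accounts, accountId);
}

// Run both checks over a set of probe ids. Results go in a Map rather than a
// plain object so that a probe id of "__proto__" cannot pollute the result
// object itself.
function compareChecks(accounts, ids) {
  const out = new Map();
  for (const id of ids) {
    out.set(id, {
      inOperator: hasExplicitProviderAccountConfigVulnerable(accounts, id),
      ownProperty: hasExplicitProviderAccountConfig(accounts, id),
    });
  }
  return out;
}

const PROBE_IDS = [
  "acct-primary",   // genuinely configured
  "missing",        // not configured
  "constructor",    // inherited from Object.prototype
  "toString",
  "__proto__",
  "hasOwnProperty",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const [id, r] of compareChecks(accountsConfig, PROBE_IDS)) {
    console.log(id.padEnd(16), "in:", r.inOperator, " own:", r.ownProperty);
  }
}
```

The same reasoning applies to `accounts[accountId] !== undefined` and to optional-chaining lookups: both resolve inherited members. When a lookup keyed by untrusted input must be exact, use an own-property test or store the configuration in a `Map`.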

The Network · 2026-03-06 05:12:56 · ai

13. 🔒 Critical Code Injection Vulnerability in RSOLV NodeGoat Demo Repository

A critical security vulnerability has been identified in the RSOLV-dev/nodegoat-vulnerability-demo repository. The vulnerability is classified as Code Injection (CWE-94, OWASP A03:2021) with a confidence level of 80%. The issue is located in the file `app/routes/contributions.js` at line 32, where the `eval()` function...

The Network · 2026-03-06 05:13:04 · ai

14. 🔒 Hardcoded API Key Exposure in arubis/railsgoat-vulnerability-demo Repository

A critical security vulnerability has been identified in the GitHub repository `arubis/railsgoat-vulnerability-demo`. The automated security scanner RSOLV detected a hardcoded, sensitive API key within the codebase, classified as a Sensitive Data Exposure (CWE-798, OWASP A07:2021). The vulnerability is located in the f...

The Network · 2026-03-06 05:13:06 · ai

15. 🔒 SQL Injection Vulnerability Identified in RailsGoat Demo Repository

A critical SQL injection vulnerability has been identified in the `arubis/railsgoat-vulnerability-demo` repository on GitHub. The vulnerability is classified as CWE-89 (SQL Injection) and maps to OWASP A03:2021 (Injection). The security scanner RSOLV reported the issue with 80% confidence. The specific vulnerability is...

The Network · 2026-03-06 05:13:08 · ai

16. 🔒 RSOLV Security Scanner Exposes Hardcoded API Keys in Nodegoat Demo Repository

A security vulnerability report generated by the RSOLV scanner has identified HIGH severity hardcoded secrets within the RSOLV-dev/nodegoat-vulnerability-demo repository. The scan, conducted on March 4, 2026, found two instances of a hardcoded API key across two configuration files. The vulnerability is classified unde...

The Network · 2026-03-06 09:42:45 · ai

17. GitHub Security Issue: Geometry Routes Accept Unsanitized Regex and Lack Authentication

A high-severity security vulnerability has been reported in the file `server/routes/geometry.ts`. The issue exposes three critical security flaws in the system's geometry route handling. First, a ReDoS (Regular Expression Denial of Service) vulnerability exists where the `POST /api/geometry/rules` endpoint accepts user...
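The rule-endpoint flaws described above, as an added example that is not the `server/routes/geometry.ts` code: a handler that compiles user input as a regex with no authentication, beside a handler that authenticates, caps pattern and input length, matches rules as literals by default, and screens opt-in regex rules for nested quantifiers. The handler shape (a plain function over `{headers, body}`) stands in for the Express route, and the bearer-token store is hypothetical.

```javascript
// Added example, not the geometry.ts project's code. Route handlers are
// modelled as plain functions returning {status, ...} so this runs offline.

const MAX_PATTERN_LEN = 200;
const MAX_INPUT_LEN = 10000;

// Vulnerable shape: no auth, and the user string becomes regex syntax as-is.
// A rule like (a+)+$ matched against "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!" will
// run for a very long time on a backtracking engine.
function addRuleVulnerable(rules, req) {
  rules.push(new RegExp(req.body.pattern));
  return { status: 201 };
}

// Hypothetical token store standing in for the real auth middleware.
const AUTH_TOKENS = new Set(["constructed-admin-token"]);
function isAuthorized(req) {
  const h = (req.headers && req.headers.authorization) || "";
  return h.startsWith("Bearer ") && AUTH_TOKENS.has(h.slice("Bearer ".length));
}

// Escape so that user text is matched literally, never as regex syntax.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Heuristic ReDoS screen: a group ending in + or * that is itself quantified
// ((a+)+, (\d*)*, (.*)+). It is a screen, not a proof of safety; pair it with
// the length caps below, or use a linear-time engine such as RE2 for opt-in
// regex rules.
function looksCatastrophic(pattern) {
  return /\((?:[^()\\]|\\.)*[+*]\)\s*[+*{]/.test(pattern);
}

// Hardened handler. Rules are literal unless the caller opts into regex mode,
// and regex mode is screened and length-capped.
function addRule(rules, req) {
  if (!isAuthorized(req)) return { status: 401 };
  const body = req.body || {};
  const p = body.pattern;
  if (typeof p !== "string" || p.length === 0 || p.length > MAX_PATTERN_LEN) {
    return { status: 400, error: `pattern must be 1..${MAX_PATTERN_LEN} chars` };
  }
  if (body.mode === "regex") {
    if (looksCatastrophic(p)) return { status: 400, error: "nested quantifier rejected" };
    rules.push(new RegExp(p));
  } else {
    rules.push(new RegExp(escapeRegExp(p)));
  }
  return { status: 201 };
}

// Matching side: bound the input as well, since ReDoS cost grows with input.
function matchesAnyRule(rules, text) {
  if (typeof text !== "string" || text.length > MAX_INPUT_LEN) return false;
  return rules.some((r) => r.test(text));
}

if (typeof require !== "undefined" && require.main === module) {
  const rules = [];
  const auth = { authorization: "Bearer constructed-admin-token" };
  console.log(addRule(rules, { headers: {}, body: { pattern: "x" } }));              // 401
  console.log(addRule(rules, { headers: auth, body: { pattern: "(a+)+$", mode: "regex" } })); // 400
  console.log(addRule(rules, { headers: auth, body: { pattern: "(a+)+$" } }));       // 201, literal
  console.log(matchesAnyRule(rules, "rule text (a+)+$ here"));                       // true
}
```

The split between literal and regex modes is the point: most "rule" features only need substring or glob semantics, and escaping removes the whole class of problem. Where real regex is required, the screen above is a speed bump; the dependable controls are an engine without catastrophic backtracking and hard limits on pattern and subject length.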

The Vault · 2026-03-06 09:42:49 · ai

18. 🟠 [HIGH] Security vulnerabilities found in `contracts/defi_liquidity_20260228_2000.sol`

AETHERIS Security Scan, HIGH severity. Summary:

| Severity | Count |
|----------|-------|
| 🔴 Critical | 0 |
| 🟠 High | 1 |
| 🟡 Medium | 1 |

File analyzed: `contracts/defi_liquidity_20260228_2000.sol`. Scan date: 2026-03-04 16:23 UTC. How this was found: this scan used a 4-agent AI...

The Network · 2026-03-06 12:13:54 · ai

19. 🔒 Critical Hardcoded Secrets Exposed in Multiple Code Repositories

A security vulnerability report details the discovery of hardcoded secrets in four separate source code files, classified as a CRITICAL severity issue. The vulnerabilities involve the exposure of sensitive credentials, including API keys, passwords, and secret keys, directly within the source code. This practice poses ...

The Network · 2026-03-06 14:48:10 · ai

20. Google & CISA Confirm Active 0-Day Attacks Exploiting Critical Qualcomm Graphics Flaw in Android Devices

Google and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have confirmed active exploitation of a critical zero-day vulnerability in Android devices. The flaw is a Qualcomm zero-day, specifically an integer overflow within the Graphics subcomponent. According to Adam Boynton, senior enterprise strateg...