CVE-2026-44342: CWE-352: Cross-Site Request Forgery (CSRF) in QuantumNous new-api
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
CWE Top 25 for 2019
In case you weren’t aware of it, there is now a 2019 version of the CWE Top 25 list . This list attempts to rank what are the most important

Workers, WAF - WAF and framework adapter mitigations for React and Next.js vulnerabilities
Multiple security vulnerabilities were disclosed by the React team and Vercel affecting React Server Components and Next.js. These include d

WAF - WAF Release - 2026-02-02
This week’s release introduces new detections for CVE-2025-64459 and CVE-2025-24893. Key Findings CVE-2025-64459: Django versions prior to 5

WAF - WAF Release - 2025-11-24
This week highlights enhancements to detection signatures improving coverage for vulnerabilities in FortiWeb, linked to CVE-2025-64446, alon

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

Comments
Sign in to join the conversation.
No comments yet. Be the first.