CVE-2026-55885: CWE-312: Cleartext Storage of Sensitive Information in getgrav grav
Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including…
Read the full articleYou might also wanna read
lockenv: Password-Based Encrypted Vault for .env and Infrastructure Secrets
Simple, password-based encrypted vault for .env and infrastructure secrets. Like git-crypt or sops, but dramatically simpler. Ideal for smal
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link
Analysis of CVE-2026-4020: Coordinated Google Cloud Fleet Exploiting Gravity SMTP WordPress Vulnerability
Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thous

Critical Arbitrary File Write Vulnerability in Dulwich Git Library (CVE-2026-42305) Allows RCE on Windows
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbi
Critical 7-Zip vulnerability (CVE-8.8) enables code execution via crafted archive files; update to version 26.01 urged
Everyone, get your update hats on immediately; we're at DEFCON 1

WAF - WAF Release - 2025-05-19
This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets

Comments
Sign in to join the conversation.
No comments yet. Be the first.