Latest Episodes
Today we'll cover two vulnerabilities.
The first is CVE-2026-23768. The second is CVE-2026-23768.
[CVE-2025-69264]pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle...
[CVE-2026-23478]Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to...
[CVE-2026-23498]Shopware vulnerability
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure...
[CVE-2026-23512]There is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered.
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered....
[CVE-2026-23745][node-tar library]Insufficient Link Path Sanitization
The node-tar library (Version 7.5.2 or earlier) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default...