158487 matches found
CVE-2025-32425
CVE-2025-32425 affects AutoGPT platform prior to v0.6.32, where container execution logs emitted to stdout/stderr could be captured by Docker and stored as container logs without a size limit. This lack of log rotation/log size control can lead to server disk resource exhaustion and DoS under hig...
GHSA-FX83-V9X8-X52W vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
CVE-2026-44292 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
CVE-2026-44289 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
GHSA-685M-2W69-288Q vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
GHSA-Q6X5-8V7M-XCRF vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
GHSA-66FF-XGX4-VCHM vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
GHSA-JVWF-75H9-CWGG vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
GHSA-2PR8-PHX7-X9H3 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
CVE-2026-44288 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
CVE-2026-44290 vulnerabilities
Vulnerabilities for packages: renovate, kibana, opentelemetry-auto-instrumentations-node, gemini-cli, kubeflow-centraldashboard, vitess, librechat, homepage, pulumi, cadence-web...
PT-2026-40792
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An Out-of-Memory (OOM) condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...
quark-auto-save security vulnerability
Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...
CVE-2026-44166
PocketBase suffers an account pre-hijacking vulnerability via OAuth2 unverified→verified autolinking. An attacker who knows a victim’s email can pre-create and link an unverified PocketBase user by authenticating with an OAuth2 provider (e.g., A). When the victim later signs up with a different pr...
CVE-2026-44166 PocketBase: Account pre-hijacking via OAuth2 unverified->verified autolinking upgrade
PocketBase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...
MAL-2026-3679 Malicious code in @2oolkit/hyperliquid-cli (npm)
Source: amazon-inspector (1c3af30011dcf54950f270463028270d732fce20b5cd5da44342a0748922e6df). The package is advertised as a neutral CLI/MCP wrapper for Hyperliquid, but its distributed code silently routes value from the installer to an...
Malicious code in dcchbot (PyPI)
Source: amazon-inspector (df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a). The package performs multiple installer-hostile behaviors. 1. dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...
CVE-2026-42554
Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...
CVE-2026-42554
CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...