
9022 matches found

Circl
added 2026/04/03 1:10 a.m., 2 views

CVE-2026-33105

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-03 01:10:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mikjxjszro25 |
| 2026-04-03 01:16:28+00:00 | seen | Telegram/iJ-TXq8dDjuzcBmcTa4J1ArjLXeEo9DZvpPvRg0iyulgok |
| 2026-04-03 01:30:27+00:00 | seen | ... |

10 CVSS, 4.8 AI score, 0.0072 EPSS
Exploits 0, References 7
CNNVD
added 2026/04/03 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between multiple polling processes, potentially leading to the loss of EOF even...

5.8 AI score, 0.00022 EPSS
Exploits 0, References 3
Circl
added 2026/04/02 10:14 p.m., 1 views

CVE-2025-24238

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 22:14:56+00:00 | seen | Telegram/vazepRq8pUVmfE1hnQs7eSzvOH2CwegXcQp6HpwRm-K-I |
| 2026-04-02 22:15:08+00:00 | seen | Telegram/A1zSU9KcM20ZRLemoMFRz3NG5DsD-KNcnO6EGaNoIwAY1a4... |

9.8 CVSS, 4.8 AI score, 0.01004 EPSS
Exploits 0
Snyk
added 2026/04/02 9:0 p.m., 2 views

Malicious Package

Overview: strapi-plugin-events is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

9.8 CVSS, 6 AI score
Exploits 0, References 2
Circl
added 2026/04/02 8:53 a.m., 2 views

CVE-2026-34950

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 08:53:21+00:00 | published-proof-of-concept | https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987 |
| 2026-04-06 16:20:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mito77wzr22s |
| 2026-04-06... |

9.1 CVSS, 5.7 AI score, 0.00235 EPSS
Exploits 1, References 5
CNNVD
added 2026/04/02 12:0 a.m., 1 views

Apple macOS security vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.1 had a security vulnerability caused by a state management issue. This vulnerability could allow attackers with physical access to input keyboard events int...

7.5 CVSS, 5.8 AI score, 0.0034 EPSS
Exploits 0, References 1
Circl
added 2026/04/01 11:26 p.m., 2 views

CVE-2026-35099

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-01 23:26:42+00:00 | seen | Telegram/jbWMrWY3kup1vLwq2L3T9QUurzdP-pS58MJjOuG7oT4-o |
| 2026-04-01 23:26:58+00:00 | seen | Telegram/lZIbbZM6hBayBvqPlVKcR-m9kDIyKTvGCXDWINXAPChKhQ... |

7.4 CVSS, 5.8 AI score, 0.00125 EPSS
Exploits 0
Snyk
added 2026/04/01 10:31 p.m., 1 views

Cross-site Scripting (XSS)

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the removeAttributes process. An attacker can execute arbitrary JavaScript in the context of users viewing the FAQ page by...

8.4 CVSS, 6 AI score, 0.00241 EPSS
Exploits 1, References 2
OSV
added 2026/04/01 9:9 p.m., 1 views

GHSA-XW59-HVM2-8PJ6 DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...

8.1 CVSS, 5.9 AI score, 0.0042 EPSS
Exploits 0, References 6
NVD
added 2026/04/01 8:16 p.m., 4 views

CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

8.8 CVSS, 0.0035 EPSS
Exploits 1, References 4
CVE
added 2026/04/01 7:56 p.m., 5 views

CVE-2026-34455

Hi.Events is affected by an SQL injection in which multiple repository classes pass the user-supplied sort_by parameter directly to Eloquent's orderBy() without validation (affecting versions 0.8.0-beta.1 up to before 1.7.1-beta). The underlying issue is the lack of input validation for sort_by, ...

8.8 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2026/04/01 7:56 p.m., 3 views

CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

8.7 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits 1, References 4
EUVD
added 2026/04/01 6:33 p.m., 3 views

EUVD-2025-5342

Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Events Manager: from n/a through 6.6.4.1...

5.3 CVSS, 7.2 AI score, 0.00323 EPSS
Exploits 0, References 3
OSV
added 2026/04/01 9:32 a.m., 6 views

CLEANSTART-2026-JM96857 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.16.4-r0, 2.16.4-r1

Multiple security vulnerabilities affect the newrelic-nri-kube-events package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS, 5.9 AI score, 0.00789 EPSS
Exploits 2, References 19
RedHat Linux
added 2026/04/01 9:8 a.m., 2 views

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

8.7 CVSS, 5.9 AI score, 0.00467 EPSS
Exploits 0, References 6
Circl
added 2026/04/01 8:33 a.m., 3 views

CVE-2026-4370

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-01 08:33:22+00:00 | published-proof-of-concept | https://github.com/juju/juju/security/advisories/GHSA-gvrj-cjch-728p |
| 2026-04-01 09:00:34+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116328630451101827 |
| 2026-04-01 09:00:36+00:00 | see... |

10 CVSS, 5.3 AI score, 0.00381 EPSS
Exploits 1, References 8
CNNVD
added 2026/04/01 12:0 a.m., 2 views

Hi.Events SQL injection vulnerability

Hi.Events is an open-source event ticketing and management platform developed by Hi.Events. Versions of Hi.Events from 0.8.0-beta.1 to 1.7.1-beta contained a SQL injection vulnerability. This vulnerability occurred because multiple repository classes directly passed the sort_by query parameter...

8.8 CVSS, 5.9 AI score, 0.0035 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/04/01 12:0 a.m., 2 views

PT-2026-29672

Name of the Vulnerable Software and Affected Versions: Go MCP SDK versions prior to 1.4.0. Description: The Go MCP SDK, utilizing Go's standard encoding/json, did not enable DNS rebinding protection by default for HTTP-based servers prior to version 1.4.0. When an HTTP-based MCP server was run on...

8.1 CVSS, 5.9 AI score, 0.0042 EPSS
Exploits 0, References 9
Snyk
added 2026/03/31 11:50 p.m., 3 views

Replay Attack

Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Replay Attack in the webhook-security.ts process. An attacker can bypass replay protection by capturing a valid signed webhook and resending it with reordered query parameters, there...

8.2 CVSS, 5.9 AI score, 0.00149 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2026/03/31 4:56 p.m., 9 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary: Multiple Spring vulnerabilities have been addressed in IBM Library Support for Spring. Vulnerability Details: CVEID: CVE-2026-22731. DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1 CVSS, 5.8 AI score, 0.0122 EPSS
Exploits 2, Affected Software 1