9025 matches found
CVE-2026-31882
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...
CVE-2026-26071 EVerest: OCPP 2.0.1 EVCCID Data Race Leads to Heap Use‑After‑Free
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::string concurrent access, with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0 contains a patch...
CVE-2026-26071
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::string concurrent access, with heap-use-after-free possible. This is triggered by EVCCID update (EV/ISO15118) and OCPP session/authorization events. Version 2026.02.0 contains a patch...
CVE-2026-26071
CVE-2026-26071 – EVerest: The affected product is the EVerest EV charging software stack. Versions prior to 2026.02.0 suffer a data race that allows concurrent access to a std::string, with a possible heap-use-after-free. The issue is triggered by EVCCID updates (EV/ISO15118) and OCPP session/au...
CVE-2026-26070 EVerest: OCPP 2.0.1 EV SoC Update Race Causes Charge Point Crash
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access, with container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...
PT-2026-28351
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race condition that can lead to potential corruption of std::queue and std::deque. The issue is triggered by a...
PT-2026-28349
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to concurrent access to std::string, with a possible heap-use-after-free condition. This issue is...
PT-2026-28500
Name of the Vulnerable Software and Affected Versions: ClearanceKit versions 4.1 and earlier. Description: ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension...
OpenClaw Security Bypass Vulnerability (CNVD-2026-16056)
OpenClaw is an open-source AI assistant published by OpenClaw. It has a security bypass vulnerability that an attacker can exploit to make replayed events bypass duplicate checks...
OpenClaw Access Control Error Vulnerability (CNVD-2026-16041)
OpenClaw is an open-source AI assistant published by OpenClaw. It has an access control error vulnerability: the BlueBubbles webhook handler contains a passwordless fallback authentication path, which can be exploited by an attacker to cause an...
ClearanceKit Security Vulnerability
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit 4.1 and earlier contained security vulnerabilities; these vulnerabilities stemmed from the failure to intercept seven types of file operation events, which could lead to bypassing file...
CVE-2026-33216
creation_timestamp | type | source
---|---|---
2026-03-25 19:16:32+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33216
2026-03-25 21:01:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhvycfbuag2x
2026-03-25 21:26:46+00:00 | seen | ...
CVE-2026-23311
A flaw was found in the Linux kernel's perf/core component. This vulnerability occurs due to an invalid wait context during event scheduling, specifically when a pinned event fails and attempts to wake up threads in the ring buffer. An attacker could potentially exploit this to cause system...
CVE-2026-23311 perf/core: Fix invalid wait context in ctx_sched_in()
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...
Parse Server Security Vulnerability
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.54 and 9.6.0-alpha.43. These vulnerabilities allowed attackers to infer changes in...
CERTFR-2026-ACT-012
creation_timestamp | type | source
---|---|---
2026-03-23 14:33:22+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mhqbpels6z2c
2026-03-23 14:33:23+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116278978230489798
2026-03-23 20:10:00+00:00 | seen | ...
CVE-2025-71276
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories...
DEBIAN-CVE-2025-71276
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories...
UBUNTU-CVE-2025-71276
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories...
CVE-2025-71276
SOGo before 5.12.5 is prone to an XSS vulnerability with events, tasks, and contacts categories...