CVE-2025-62039

creationtimestamp| type| source ---|---|--- 2026-04-22 16:54:21+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-62039.yaml 2026-04-23 21:03:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk6vwu4jqz2i...

autopoc

AutoPoC Automated proof-of-concept deployments on OpenShift...

Malicious code in moonbit-locale-compat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d42bb32adb1fb5f388368b9e4ab382bfbc8cd7f62dab4c70a8563a448ce9c2af Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

GO-2026-4772 CVE-2026-33816 in github.com/jackc/pgx

Memory-safety vulnerability in github.com/jackc/pgx/v5...

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...

GO-2026-4904 nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover in github.com/0xJacky/Nginx-UI...

GO-2026-4901 nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

PT-2026-29944

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api

New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...

CVE-2026-23654

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

GO-2026-4802 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel...

GO-2026-4678 Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows

Unauthorized access to Argo Workflows Template in github.com/argoproj/argo-workflows...

EUVD-2026-10578

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

EUVD-2026-10577

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVE-2026-23654

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

CVE-2026-23654

Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...

PT-2026-24264

Name of the Vulnerable Software and Affected Versions zero-shot-scfoundation affected versions not specified Description A dependency on a vulnerable third-party component within the zero-shot-scfoundation GitHub repository enables an unauthorized attacker to execute code over a network...

The Iranian Cyber Capability 2026

The Iranian Cyber Capability 2026 By John Fokker and Ernesto Fernández Provecho · March 5, 2026 Introduction In 2024, we published an assessment of the Islamic Republic of Iran’s cyber capabilities, outlining the structure, tradecraft, and strategic intent of Iranian-aligned threat actors. The co...

GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...