6574 matches found
Developer Leaks API Key for Private Tesla, SpaceX LLMs
In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemi...
GO-2025-3665 Inspektor Gadget Security Policies Can be Bypassed in github.com/inspektor-gadget/inspektor-gadget
Inspektor Gadget Security Policies Can be Bypassed in github.com/inspektor-gadget/inspektor-gadget...
GO-2025-3647 Rancher users who can create Projects can gain access to arbitrary projects in github.com/rancher/rancher
Rancher users who can create Projects can gain access to arbitrary projects in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3648 Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks in github.com/rancher/stev. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2025-3649 Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet
Fleet doesn’t validate a server’s certificate when connecting through SSH in github.com/rancher/fleet...
CVE-2022-42118
creationtimestamp | type | source
---|---|---
2025-05-03 16:34:09+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-42118.yaml
2025-05-05 21:02:24+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lohbckkmji2n...
CVE-2022-26585
creationtimestamp | type | source
---|---|---
2025-05-01 11:20:11+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-26585.yaml
2025-05-02 21:02:23+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lo7pvr3vs726...
CVE-2025-46554
creationtimestamp | type | source
---|---|---
2025-04-30 19:13:41+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14130
2025-04-30 22:06:03+00:00 | seen | https://t.me/cvedetector/24135
2025-08-28 13:39:35+00:00 | confirmed | ...
GO-2025-3639 Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju...
GO-2025-3631 GoBGP panics due to a zero value for softwareVersionLen in github.com/osrg/gobgp
GoBGP panics due to a zero value for softwareVersionLen in github.com/osrg/gobgp...
GO-2025-3632 GoBGP crashes in the flowspec parser in github.com/osrg/gobgp
GoBGP crashes in the flowspec parser in github.com/osrg/gobgp...
GO-2025-3636 one-api Cross-site Scripting vulnerability in github.com/songquanpeng/one-api
one-api Cross-site Scripting vulnerability in github.com/songquanpeng/one-api...
GO-2025-3625 cnlh nps vulnerable to file overwrite by local user in github.com/cnlh/nps
cnlh nps vulnerable to file overwrite by local user in github.com/cnlh/nps...
GO-2025-3621 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...
GO-2025-3612 Dpanel's hard-coded JWT secret leads to remote code execution in github.com/donknap/dpanel
Dpanel's hard-coded JWT secret leads to remote code execution in github.com/donknap/dpanel...
GO-2025-3603 Query smuggling in ch-go library in github.com/ClickHouse/ch-go
Query smuggling in ch-go library in github.com/ClickHouse/ch-go...
CVE-2025-27892
creationtimestamp | type | source
---|---|---
2025-04-10 14:38:56+00:00 | seen | https://bsky.app/profile/campuscodi.risky.biz/post/3lmhq7wh5zk2w
2025-04-15 22:43:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5megosj2j
2025-04-16 01:49:06+00:00 | seen | ...
GO-2025-3594 MinIO performs incomplete signature validation for unsigned-trailer uploads in github.com/minio/minio
MinIO performs incomplete signature validation for unsigned-trailer uploads in github.com/minio/minio...
BIT-DOLIBARR-2023-5842 Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5...
BIT-DOLIBARR-2022-0819 Code Injection in dolibarr/dolibarr
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1...