daphne 安全漏洞

Daphne is an open-source ASGI protocol server developed by Django, which supports HTTP, HTTP2, and WebSocket. Versions of Daphne prior to 4.2.2 contained security vulnerabilities. These vulnerabilities were due to differences in the parser, which could allow attackers to inject additional headers...

The Coverage Gap: Chile's Cyber Disclosure Framework Versus the USA, EU and UK

We introduce the Coverage Gap as a measurable distance between the observable public exposure of critical-infrastructure operators and their declared capability to coordinate vulnerability disclosure. We instantiate it against the 915 Chilean Operadores de Importancia Vital OIVs -- Operators of...

CyberGym-E2E: Scalable Real-World Benchmark for AI Agents' End-To-End Cybersecurity Capabilities

AI has the potential to transform cybersecurity by enabling systems that can autonomously detect, analyze, and remediate software vulnerabilities. However, existing cybersecurity evaluations of AI systems are limited in scale or scope, and fail to capture the end-to-end lifecycle of real-world...

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained security vulnerabilities. These vulnerabilities were caused by a null pointer dereferencing in the gffilterpidresolvefiletemplateex function, which could allow attackers to cause...

EUVD-2026-34050

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

CVE-2026-49448

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

EUVD-2026-34026

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

EUVD-2026-34010

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

MAL-2026-5153 Malicious code in @att-ebiz/abs-components-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8d1b46db555fda7536bcf080f9dfd0ceed5c731f7a96b2579121598dad6721 Package @att-ebiz/[email protected] is an empty placeholder published to public npm under a scope @att-ebiz that matches AT&T's internal...

goclaw 代码问题漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier have code vulnerabilities. These vulnerabilities stem from issues with the Import function in the ttsconfig.go file within the TTS Configuration Endpoint component, which ma...

Pterodactyl Panel 安全漏洞

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...

OpenClaude 安全漏洞

OpenClaude is an open-source coding assistant CLI developed by Gitlawb. Versions of OpenClaude prior to 0.5.1 contained security vulnerabilities. These vulnerabilities were due to logical flaws in the conditional order logic within the MCP authentication process, allowing attackers to completely...

PT-2026-45867

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260227.0 Description An issue exists in the rendering of email-message observable body data where the content of the body field is not appropriately sanitized. This allows for Cross-Site Scripting XSS, a technique...

PT-2026-45858

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.6 authentik versions prior to 2026.2.4 authentik versions prior to 2026.5.1 Description An attacker who has the ability to modify a source connection and possesses an account in one of the configured sources...

SourceCodester Pizzafy Ecommerce System 安全漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a security vulnerability, which stems from the handling of the 'page' parameter in the file/index.php, potentially leading t...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. in the United States. Network is a network component open source by Cloudburst. Versions of Google Chrome prior to 149.0.7827.53 had a resource management vulnerability. This vulnerability stemmed from the Network component’s ability to reus...

SourceCodester Human Resource Management 安全漏洞

SourceCodester Human Resource Management is an open-source human resource management system developed by SourceCodester. Version 1.0 of SourceCodester Human Resource Management contains a security vulnerability. This vulnerability stems from the handling of the parameter employeeid in the Employe...

PT-2026-45859

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.6 authentik versions prior to 2026.2.4 authentik versions prior to 2026.5.1 Description authentik is an open-source identity provider. The Source stage can be bypassed by sending an empty POST request...

PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

angr 9.2.220

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...