PT-2026-45896

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

[SECURITY] Fedora 42 Update: firefox-151.0-2.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive...

[SECURITY] Fedora 44 Update: chromium-148.0.7778.178-1.fc44

Chromium is an open-source web browser, powered by WebKit Blink...

UserSpice 安全漏洞

UserSpice is an open-source PHP framework for user management and identity authentication. Version 4.3.24 of UserSpice contains a security vulnerability that stems from username enumeration. This vulnerability could allow unauthenticated attackers to discover valid usernames by sending POST...

Demystifying the Mythos or Disrupting Bugonomics? from Zero-Day Asymmetry to Defender Remediation Throughput

Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examin...

EUVD-2026-31504

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

EUVD-2026-31505

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

EUVD-2026-31506

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

MAL-2026-4258 Malicious code in @engagehub/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcc397ed87426726776c339f950939ac2da46c12edd018ed4bc48031f7044094 All three lifecycle hooks preinstall, install, postinstall in package.json invoke node telemetry.js, so the payload fires unconditionally on npm...

EUVD-2026-31489

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

EUVD-2026-31444

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the findResult query not filtering results based on typebotId, which could lead to the loading of result data from...

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...

PT-2026-42836

Name of the Vulnerable Software and Affected Versions RT versions 6.0.0 through 6.0.2 Description RT is an open source, enterprise-grade issue and ticket tracking system. A Cross-Site Request Forgery CSRF flaw allows an attacker to induce a logged-in user to visit a malicious web page, triggering...

PT-2026-42837

Name of the Vulnerable Software and Affected Versions RT versions 5.0.0 through 5.0.9 RT versions 6.0.0 through 6.0.2 Description An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the...

PT-2026-42845

Name of the Vulnerable Software and Affected Versions RT versions prior to 5.0.10 RT versions 6.0.0 through 6.0.2 Description An authentication bypass exists in installations using LDAP/AD for user authentication. Under specific LDAP server configurations, an attacker can authenticate as any...

Arm NN 安全漏洞

Arm NN is an open-source machine learning inference engine optimized for the Arm architecture, developed by Arm Software. Versions of Arm NN prior to 2026-03-27 contained a security vulnerability. This vulnerability stemmed from integer overflow in the TensorShape::GetNumElements function, which...

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Version 3.15.2 of Typebot contains a security vulnerability. This vulnerability arises from the use of Array.filter with asynchronous callbacks in the getLinkedTypebots API endpoint, causing the authorization check to always...