19468 matches found
anti-hacking
🛡️ anti-hacking: Comprehensive Defensive Security Knowledge Ba...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
[SECURITY] Fedora 44 Update: firefox-150.0.3-1.fc44
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
Fleet 操作系统命令注入漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...
SiYuan 安全漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained security vulnerabilities. These vulnerabilities were caused by ineffective access control for search APIs under certain deployment scenarios, which could lead to the...
PT-2026-41019
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...
Flowsint 跨站脚本漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from node descriptions containing arbitrary HTML, allowing remote attackers to create nodes with...
MCP Registry 安全漏洞
MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.9 contained security vulnerabilities. These vulnerabilities stemmed from OCI ownership verification skipping tag matching checks during HTTP 429 requests, which...
Crabbox 安全漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained security vulnerabilities. These vulnerabilities were due to insufficient access control checks, allowing users with access through shared...
Fleet 信任管理问题漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.81.0 contained a trust...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...
Gotenberg 代码问题漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained code vulnerabilities. These vulnerabilities stemmed from the Chromium URL-to-PDF endpoint, which lacked defaul...
Fleet 安全漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.82.0 contained security...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for URL routing using...
Toward Securing AI Agents like Operating Systems
Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...
CVE-2026-44219
ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date /...
EUVD-2026-29974
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
MAL-2026-3663 Malicious code in chia-network (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c7439a1ad4a50c3852597bd31aaf7a3f15c53c2cb9f124b9b350e55517b5f592 The OpenSSF Package Analysis project identified 'chia-network' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2026-42934
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...