Kirby security vulnerability
Kirby is an open-source, file-based content management system. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities, which stem from the lack of permission control over access to site, user, and role information...
apko data forgery vulnerability
Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded .apk package with the checksum in the signed index. This...
EUVD-2026-28872
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...
voice-agent-tequity (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-44209 via banks (=2.2.0)
banks PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on banks and may be impacted: - voice-agent-tequity =0.1.0, =0.1.1 Source cves: CVE-2026-44209 Source advisory: OSV:GHSA-GPHH-9Q3H-JGPP...
CVE-2026-42160
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...
EUVD-2026-28817
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...
aurora-cycler-manager (>=0.10.0 <=0.11.2), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)
dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: OSV:GHSA-3RF6-X59V-5JFV...
CVE-2026-41161 Username Enumeration via Timing Attack
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...
CVE-2026-42267
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
AstrBot security vulnerability
AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 3.5.15 of AstrBot contains a security vulnerability, which stems from the use of hard-coded private keys for signing JWTs...
People security vulnerability
People is an open-source user and team permission management application developed by La Suite numérique. Versions of People prior to 1.25.0 contained a security vulnerability. This vulnerability allowed users with the role of email domain administrators to elevate any existing user to the owner...
zebra security vulnerability
Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of sighash hash types for V5 transactions and the standard hash type used for V4 transactions, whi...
langfuse access control vulnerability
Langfuse is an open-source large language model engineering platform developed by Langfuse. Versions 3.68.0 to 3.167.0 contained an access control vulnerability. This vulnerability stemmed from a role-based access control flaw in the LLM connection update process. It could allow low-privilege user...
zebra data forgery vulnerability
Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...
DarkMoon - the Open-Source AI-Powered Autonomous Penetration Testing Platform
DarkMoon is an automated penetration testing tool that orchestrates complete security assessments using artificial intelligence security agents. Built as an open-source cybersecurity tool, it enables organizations to run professional-grade vulnerability assessments without manual intervention...
PT-2026-39203
Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands. This can lead to complete database compromise, data theft, or system destruction...
PT-2026-39010
Name of the Vulnerable Software and Affected Versions Password Pusher versions prior to 1.69.3 Password Pusher versions prior to 2.4.2 Description An issue in the generic JSON API create path allows unauthenticated users to create file-type pushes under certain configurations, bypassing the...
From Conceptual Scaffold to Prototype: A Standardized Zonal Architecture for Wi-Fi Security Training
Wi-Fi is the dominant wireless access technology, but its widespread use also exposes systems to threats such as rogue access points, deauthentication attacks, and other IEEE 802.11-specific vulnerabilities. Although Cyber Ranges (CRs) have become valuable platforms for cybersecurity training and...
Longitudinal Analyses of SAST Tools: A CodeQL Case Study
Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...
SysReptor security vulnerability
SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor prior to 2026.29 contained security vulnerabilities. These vulnerabilities stemmed from the ability of users with administrator privileges to change the email addresses of users with...