EUVD-2026-26984

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

MAL-2026-3336 Malicious code in @channel_bot/xa0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af511b868a0f1a7152f2b73076b3741da38a5ec9f8b2652af8384ca1890d9372 The package @channelbot/xa0 was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

[SECURITY] Fedora 42 Update: chromium-147.0.7727.137-1.fc42

Chromium is an open-source web browser, powered by WebKit Blink...

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the savegeneratedslides function, which could allo...

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the MCP OAuth client registration endpoint accepting unauthenticated requests without proper...

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the markdowntabletoimage function, which could lea...

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

CImg 安全漏洞

CImg is a small open-source C++ toolkit for image processing, developed by GREYC. CImg has a security vulnerability that stems from the lack of validation of the nbcolors field in BMP file headers. This vulnerability may lead to excessive memory allocation and cause a system to crash due to...

Code-Projects BloodBank Managing System 访问控制错误漏洞

The Code-Projects BloodBank Managing System is an open-source blood bank management system developed by Code-Projects. Version 1.0 of the code-projects BloodBank Managing System contains a vulnerability related to access control. This vulnerability stems from an unlimited upload function in the...

Android Security Bulletin—May 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-05-01 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

MAL-2026-3294 Malicious code in ally-allowlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a086e259ec0972dac4c5fa5c2e204b09c2158df4e01326321b84676837b85be9 The package ally-allowlist was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @athena-portal/themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ceef23383971e2a8f5f8f790c03e71fe17b0a7fc7dee044e2fd39424ce20856 The package @athena-portal/themes was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ally-antivirus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...

[SECURITY] Fedora 43 Update: firefox-150.0-1.fc43

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

Lyussfyuring002

lyussfyuring002 web exploitation + OSINT toolkit for people...

NextChat 访问控制错误漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier contained a access control vulnerability, which was caused by improper cross-domain policies in unknown functions in Next.js files. This...

NextChat 安全漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier contained a security vulnerability. This vulnerability stemmed from the improper authorization in the addMcpServer function within the...

[SECURITY] Fedora 42 Update: chromium-147.0.7727.116-1.fc42

Chromium is an open-source web browser, powered by WebKit Blink...

UI UX Pro Max 注入漏洞

UI UX Pro Max is Next Level Builder open source a cross-platform UI/UX intelligent design system generation tool. UI UX Pro Max 2.5.0 and earlier versions of the injection vulnerability , the vulnerability stems from the Tailwind Config Generator component in the...