19509 matches found
Upsonic 安全漏洞
Upsonic is an open-source AI proxy framework developed by Upsonic. Version 0.71.6 of Upsonic contains a security vulnerability. This vulnerability stems from defects in the MCP server or the task creation functionality, which may lead to remote code execution...
GIMP 安全漏洞
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a stack buffer overflow in the 4BPP decoding path of the TIM image loader. This vulnerability may cause denial-of-service attacks when opening specially crafted TIM image fil...
OWASP BLT 安全漏洞
OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.1 contained security vulnerabilities. These vulnerabilities were caused by a remote code execution issue in the.github/workflows/regenerate-migrations.yml...
Pyroscope 安全漏洞
Pyroscope is an open-source continuous performance analysis platform developed by Grafana. Vulnerabilities exist in versions prior to Pyroscope 1.15.2, 1.16.1, and 1.17.0. These vulnerabilities stem from improper configuration, potentially allowing attackers to extract the secretkey configuration...
EUVD-2026-22752
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game
I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...
Anthropic Mythos: Separating Signal from Hype
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive...
bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)
bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: - bjs-biginteger =5.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2881...
EUVD-2026-22178
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LDPRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...
MaxKB 安全漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the use of storage-oriented cross-site scripting in the application name or icon...
Docmost 授权问题漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...
nanobot 安全漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.5 contained a security vulnerability; this vulnerability stemmed from the WebSocket server not verifying the Origin header, which could lead to cross-site WebSocket hijacking...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI 0.7.2 and earlier contain security vulnerabilities. These vulnerabilities stem from a feature that allows for image editing through prompts, which enables blind server-side...
OpenSSL Toolkit 4.0.0
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...
MaxKB 安全漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a Eval injection flaw in the Markdown rendering engine, which could allow any use...
PT-2026-32961
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
LLM-Guided Prompt Evolution for Password Guessing
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...
PT-2026-32929
Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...
Docmost 跨站脚本漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...
SourceCodester Online Employees Work From Home Attendance System 安全漏洞
SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...