CNNVD
added 2026/04/15 12:00 a.m., 15 views

Upsonic security vulnerability

Upsonic is an open-source AI proxy framework developed by Upsonic. Version 0.71.6 of Upsonic contains a security vulnerability. This vulnerability stems from defects in the MCP server or the task creation functionality, which may lead to remote code execution...

CVSS 9.8 | AI score 6.3 | EPSS 0.00974
Exploits 0 | References 2
CNNVD
added 2026/04/15 12:00 a.m., 9 views

GIMP security vulnerability

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a stack buffer overflow in the 4BPP decoding path of the TIM image loader. This vulnerability may cause denial-of-service attacks when opening specially crafted TIM image fil...

CVSS 5.5 | AI score 6 | EPSS 0.0021
Exploits 0 | References 2
CNNVD
added 2026/04/15 12:00 a.m., 7 views

OWASP BLT security vulnerability

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.1 contained security vulnerabilities. These vulnerabilities were caused by a remote code execution issue in the .github/workflows/regenerate-migrations.yml...

CVSS 8.8 | AI score 6.6 | EPSS 0.00411
Exploits 1 | References 1
CNNVD
added 2026/04/15 12:00 a.m., 14 views

Pyroscope security vulnerability

Pyroscope is an open-source continuous profiling platform developed by Grafana. Vulnerabilities exist in versions prior to Pyroscope 1.15.2, 1.16.1, and 1.17.0. These vulnerabilities stem from improper configuration, potentially allowing attackers to extract the secretkey configuration...

CVSS 9.1 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 1
EUVD
added 2026/04/14 9:39 p.m., 5 views

EUVD-2026-22752

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits 0 | References 1
GitHub Security Blog
added 2026/04/14 6:17 p.m., 16 views

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...

CVSS 8.8 | AI score 7.3 | EPSS 0.08016
Exploits 5
Imperva Blog
added 2026/04/14 5:43 p.m., 13 views

Anthropic Mythos: Separating Signal from Hype

The recent buzz around Anthropic's Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a "game changer" for offensive...

AI score 5.8
Exploits 0
vulnersOsv
added 2026/04/14 12:35 p.m., 12 views

bjs-biginteger (=5.0.5) potentially affected by unknown CVE via bjs-lint-builders (=1.1.0)

bjs-lint-builders NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on bjs-lint-builders and may be impacted: bjs-biginteger =5.0.5. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2026-2881...

AI score 5.8
Exploits 0
EUVD
added 2026/04/14 12:13 a.m., 8 views

EUVD-2026-22178

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. Using the env command, the attacker can clear the environment variables and drop...

CVSS 6.3 | AI score 6.3 | EPSS 0.00485
Exploits 0 | References 3
CNNVD
added 2026/04/14 12:00 a.m., 9 views

MaxKB security vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from stored cross-site scripting in the application name or icon...

CVSS 6.9 | AI score 5.9 | EPSS 0.00216
Exploits 1 | References 3
CNNVD
added 2026/04/14 12:00 a.m., 7 views

Docmost authorization vulnerability

Docmost is open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have an authorization vulnerability. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits 2 | References 1
CNNVD
added 2026/04/14 12:00 a.m., 8 views

nanobot security vulnerability

Nanobot is a lightweight personal AI assistant open-sourced by the Data Intelligence Lab @ HKU. Versions of Nanobot prior to 0.1.5 contained a security vulnerability; this vulnerability stemmed from the WebSocket server not verifying the Origin header, which could lead to cross-site WebSocket hijacking...

CVSS 9.3 | AI score 5.7 | EPSS 0.0016
Exploits 1 | References 2
CNNVD
added 2026/04/14 12:00 a.m., 8 views

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted open-source WebUI. Versions of Open WebUI 0.7.2 and earlier contain security vulnerabilities. These vulnerabilities stem from a feature that allows image editing through prompts, which enables blind server-side...

CVSS 4.3 | AI score 5.8 | EPSS 0.00227
Exploits 1 | References 1
Packet Storm News
added 2026/04/14 12:00 a.m., 4 views

OpenSSL Toolkit 4.0.0

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography worldwide. This is the 4.0 release...

AI score 5.8
Exploits 0
CNNVD
added 2026/04/14 12:00 a.m., 5 views

MaxKB security vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from an eval injection flaw in the Markdown rendering engine, which could allow any use...

CVSS 6.9 | AI score 6.1 | EPSS 0.00173
Exploits 0 | References 3
Positive Technologies
added 2026/04/14 12:00 a.m., 13 views

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

CVSS 7.2 | AI score 6 | EPSS 0.00731
Exploits 2 | References 4
Packet Storm News
added 2026/04/14 12:00 a.m., 8 views

LLM-Guided Prompt Evolution for Password Guessing

Passwords remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/04/14 12:00 a.m., 6 views

PT-2026-32929

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits 0 | References 4
CNNVD
added 2026/04/14 12:00 a.m., 8 views

Docmost cross-site scripting vulnerability

Docmost is open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type spoofing, which could lead to stored cross-site...

CVSS 4.6 | AI score 5.7 | EPSS 0.00187
Exploits 0 | References 2
CNNVD
added 2026/04/14 12:00 a.m., 9 views

SourceCodester Online Employees Work From Home Attendance System security vulnerability

SourceCodester Online Employees Work From Home Attendance System is an open-source online remote-work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

CVSS 2.7 | AI score 5.9 | EPSS 0.0019
Exploits 0 | References 1