Sonicverse 代码问题漏洞

Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...

OpenSCAP Libraries 1.4.4

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

OpenSCAP Libraries 1.3.14

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

CVE-2026-39340

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...

EUVD-2026-20592

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...

EUVD-2026-20586

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

EUVD-2026-20568

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

EUVD-2026-20556

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

LLMtary

LLMtary Elementary — AI-Powered Penetration Testing Platform...

article-extractor (=0.5.8) potentially affected by unknown CVE via justhtml (=1.13.0)

justhtml PYPI version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on justhtml and may be impacted: - article-extractor =0.5.8 Source cves: unknown CVE Source advisory: OSV:GHSA-R758-8HXW-4845...

PT-2026-31418

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description The OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This could allow an attacker to potentially compromise...

PT-2026-31433

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities across the Open-Source Quantum Computing Simulator Ecosystem

Quantum computing simulators form the classical software foundation on which virtually all quantum algorithm research depends. We present Broken Quantum, the first comprehensive formal security audit of the open-source quantum computing simulator ecosystem. Applying COBALT QAI -- a four-module...

QD 安全漏洞

QD is a task scheduling and automatic execution tool developed by QD OpenSource. There is a security vulnerability in QD 20230821, which stems from a specially crafted request and may lead to server-side request forgery...

InvenTree 授权问题漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained authorization-related vulnerabilities. These vulnerabilities allowed users with...

monetr 授权问题漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.3 had an authorization issue vulnerability. This vulnerability stemmed from a transaction integrity flaw, which could lead to bypassing deletion protection...

OpenSSL Toolkit 3.0.20

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.0 LTS release...

OpenSSL Toolkit 3.5.6

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 LTS release...

OpenSSL Toolkit 3.3.7

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release...