19509 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot:...
PT-2026-32527
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description The -sample operation contains an out-of-bounds read, which occurs when a specific offset is configured via the sample:offset define. Recommendations...
SourceCodester Computer and Mobile Repair Shop Management system 安全漏洞
The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP...
PT-2026-32273
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...
MAL-2026-2873 Malicious code in ts-schema-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa35c0f1b632f24027499340dfbe35df1f1d57bed2a5ad8327d688a7b23507a3 The package ts-schema-helpers was found to contain malicious code. Source: ossf-package-analysis...
Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents
Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...
AstrBot 代码问题漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.22.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the postdata.get function in the API Endpoint component, which could...
infosec-notebook
infosec-notebook Personal cybersecurity notes and references...
MAL-2026-2553 Malicious code in paysafe-payments-sdk-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e93e9be8a06ed53e5f7b88d33e9f020bf96f51c343c2ffe9bd620bc498c011bf The package paysafe-payments-sdk-common was found to contain malicious code. Source: ghsa-malware...
OpenClaw 路径遍历漏洞
OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. OpenClaw has a path traversal vulnerability, which stems from insufficient validation of path parameters, potentially leading to information leakage...
MaxKB 代码注入漏洞
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...
1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)
uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-68HJ-V9MW...
Malicious code in @b2b-portal/form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...
Spring Cloud Gateway's SSL bundle configuration silently bypassed
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
SvelteKit 安全漏洞
SvelteKit is an open-source web development framework developed in Svelte. Versions of SvelteKit prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from a scenario where requests could bypass the BODYSIZELIMIT, potentially leading to denial-of-service attacks...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from nodes that performed operations without revalidating according to the current command policy during...
PT-2026-32982
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
ajenti 竞争条件问题漏洞
Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Prior to version 0.112, there was a race condition vulnerability in Ajenti. This vulnerability allowed for bypassing of user authentication within a short period after authentication was performed...