Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. There are security vulnerabilities in YAMCS, and attackers can exploit these vulnerabilities to perform LDAP injection...

EUVD-2018-21926

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticketid parameter. Attackers can send GET requests to addfacnote.php with crafted SQL payloads to extract sensitive...

CVE-2026-47694

WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...

CVE-2026-45619

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

[SECURITY] Fedora 43 Update: mapserver-8.6.3-1.fc43

MapServer is an Open Source platform for publishing spatial data and interactive mapping applications to the web...

[SECURITY] Fedora 43 Update: CImg-3.7.6-2.fc43

The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...

QuickCMS 授权问题漏洞

QuickCMS is an open-source content management system developed by QuickCMS. There are authorization-related vulnerabilities in QuickCMS. These vulnerabilities stem from the ability to set user session identifiers before authentication, and these session IDs remain unchanged after authentication...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from SSRF policy bypasses in browser debugging and route exports, allowing for the reuse of already opened...

StrongSwan security vulnerabilities

strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. strongSwan has a security vulnerability, which stems from...

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

a2a-sigstore (=0.4.0), aiogithubapi (>=23.9.0 <=23.11.0) +68 more potentially affected by unknown CVE via tuf (>=1.0.0 <=6.0.0)

tuf PYPI version =1.0.0, =23.9.0, =0.2.0, =0.14.0, =0.0.1, =0.1.0, =0.1.9, =0.1.9, =0.1.9, =0.1.20 - floe-catalog-glue =0.1.0a1 - floe-catalog-polaris =0.1.0a1 - floe-compute-duckdb =0.1.0a1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QP9X-WP8F-QGJJ...

PYSEC-0000-CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

MAL-2026-4839 Malicious code in hellowornd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in justsaying-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1728e1b0cb2ea174743b9e437b707c768bb8979ba6299fedabfd49ea8a7d8e2 The OpenSSF Package Analysis project identified 'justsaying-docs' @ 2.4.4 npm as malicious. It is considered malicious because: - The package...

CVE-2026-8915

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...

CVE-2026-8915

Technical details about CVE-2026-8915 are not publicly available in the provided documents. Monitor for updates from Samsung Escargot advisories and NVD entries for affected versions, impact, and remediation.