SOCFortress CoPilot 授权问题漏洞

SOCFortress CoPilot is an open-source unified security operations platform developed by SOCFortress. Versions of SOCFortress CoPilot prior to 0.1.57 contained authorization-related vulnerabilities. These vulnerabilities stemmed from a hardcoded JWT signing key being used as a backup value, and th...

Inkeep Agents 授权问题漏洞

Inkeep Agents is an open-source tool developed by Inkeep, designed for building AI agents that support visual drag-and-drop operations and TypeScript SDKs. Version 0.58.14 of Inkeep Agents contains a vulnerability related to authorization. This vulnerability originates from the createDevContext...

PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

MAL-2026-3420 Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

Dark-Moon

The Open-Source AI-...

PT-2026-39464

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

Position: AI Security Policy Should Target Systems, Not Models

We present swarm-attack, an open-source adversarial testing framework in which multiple lightweight LLM agents coordinate through shared memory, parallel exploration, and evolutionary optimization. Together, our results demonstrate that both safety bypass of frontier models and software...

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities, which stem from the lack of permission control over access to site, user, and role information...

apko 路径遍历漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.2.5 of Apko, there was a path traversal vulnerability. This vulnerability occurred because specially crafted APK packages could install entries that pointed to directories other than the build root directory. This...

apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

arcane 安全漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from four GET endpoints under/api/templates, which did not have security requirements set up. This could allow any...

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...

EUVD-2026-28872

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

voice-agent-tequity (>=0.1.0 <=0.1.1) potentially affected by CVE-2026-44209 via banks (=2.2.0)

banks PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on banks and may be impacted: - voice-agent-tequity =0.1.0, =0.1.1 Source cves: CVE-2026-44209 Source advisory: OSV:GHSA-GPHH-9Q3H-JGPP...

EUVD-2026-28817

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVE-2026-42160

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

aurora-cycler-manager (>=0.10.0 <=0.11.2), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: OSV:GHSA-3RF6-X59V-5JFV...

CVE-2026-41161 Username Enumeration via Timing Attack

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVE-2026-42267

Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...

PT-2026-39198

Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor...