CVE-2026-8086 OSGeo gdal SWapi.c SWnentries heap-based overflow

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

CVE-2026-8084 OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

Malicious code in @b2bneo-rest/api-csf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea4a9f32d6857ac3e548ca117915efd6694039bbc344390f1758f12291776817 The package @b2bneo-rest/api-csf was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3365 Malicious code in @b2bneo-rest/api-csf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea4a9f32d6857ac3e548ca117915efd6694039bbc344390f1758f12291776817 The package @b2bneo-rest/api-csf was found to contain malicious code. Source: ossf-package-analysis...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +373 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-mqtt MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44248 Source advisory: OSV:GHSA-JFG9-48MV-9QGX...

CVE-2026-41662

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

EUVD-2026-28276

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

EUVD-2026-28274

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVE-2026-41660 Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

inngest-js 信息泄露漏洞

Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. There were code issues and vulnerabilities in versions of CI4MS from 0.26.0 to 0.31.8.0. These vulnerabilities stemmed from the auth filter disabling the check for banning/banned users...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was exploited by screenshots, tasks, and component link APIs, allowing enumeration of translations in items that users...

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function called memmove in the frmts/hdf4/hdf-eos/SWapi.c file, which is part of...

OSGeo gdal 缓冲区错误漏洞

OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the operation of the parameter DimensionName in the function SWnentries within the...

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

PT-2026-38445

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DN...

PT-2026-38444

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...

PT-2026-38440

Name of the Vulnerable Software and Affected Versions Sidekiq-cron versions prior to 2.3.2 Description Sidekiq-cron, an open-source scheduling add-on for Sidekiq, contains a cross-site scripting XSS flaw. This issue occurs when a crafted URL is rendered from the cron.erb file, allowing an attacke...

PT-2026-38556

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.12.4RC1 Description A heap-based buffer overflow occurs in the SWnentries function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue is triggered by the manipulation of the DimensionName argument and require...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...