Lucene search

19422 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 7 views

AgentScope security vulnerability

AgentScope is an open-source application developed by ModelScope. It simplifies the development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contain security vulnerabilities, which stem from incorrect operations on the function...

CVSS 7.5 | AI score 7.2 | EPSS 0.00311
Exploits: 0 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 7 views

AgentScope security vulnerability

AgentScope is an open-source application developed by ModelScope. It facilitates the simpler development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contained a security vulnerability, which was caused by improper handling of parameters imageurl/audiofileurl ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00284
Exploits: 0 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 8 views

SuperAGI security vulnerability

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations wit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00314
Exploits: 0 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 8 views

SuperAGI security vulnerability

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of th...

CVSS 6.5 | AI score 6.6 | EPSS 0.00216
Exploits: 0 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 5 views

Vexa security vulnerability

Vexa is an open-source conference robot and real-time transcription API developed by Vexa.ai. Versions of Vexa prior to 0.10.0-260419-1910 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and authorization checks for internal endpoints, which could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00402
Exploits: 1 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 7 views

NanoMQ security vulnerability

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.11 contain security vulnerabilities. These vulnerabilities stem from a minor error in the uriparamparse function, which may lead to a heap buffer overflow...

CVSS 8.7 | AI score 6.1 | EPSS 0.00502
Exploits: 1 | References: 1
CNNVD
added 2026/04/20 12:0 a.m. | 6 views

XiangShan security vulnerability

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from specially crafted read and write operations on the menvcfg structure, potentially causing the WPRI bit to be set unexpectedly,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 2
CNNVD
added 2026/04/20 12:0 a.m. | 5 views

NEMU security vulnerability

NEMU is an open-source teaching system simulator developed by XiangShan. NEMU has a security vulnerability, which stems from insufficient Smstateen permissions. This vulnerability may allow low-privilege code access to IMSIC state, potentially leading to cross-context information leaks or...

CVSS 6.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 2
CNNVD
added 2026/04/20 12:0 a.m. | 7 views

Serge security vulnerability

Serge is an open-source web interface for chatting through llama.cpp. Versions of Serge prior to 1.4TB contain security vulnerabilities. These vulnerabilities stem from improper handling of the downloadmodel/deletemodel function in the file api/src/serge/routers/model.py, which may lead to lack o...

CVSS 6.9 | AI score 6.6 | EPSS 0.00433
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/20 12:0 a.m. | 1 views

PT-2026-33831

Name of the Vulnerable Software and Affected Versions: Flowsint (affected versions not specified). Description: Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...

CVSS 10 | AI score 6.1 | EPSS 0.00506
Exploits: 1 | References: 8
Packet Storm News
added 2026/04/20 12:0 a.m. | 2 views

BinDiff 8

BinDiff is an open-source comparison tool for binary files to quickly find differences and similarities in disassembled code...

AI score 5.7
Exploits: 0
Packet Storm News
added 2026/04/20 12:0 a.m. | 2 views

angr 9.2.211

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks...

AI score 5.7
Exploits: 0
Packet Storm News
added 2026/04/20 12:0 a.m. | 12 views

Security Is Relative: Training-Free Vulnerability Detection Via Multi-Agent Behavioral Contract Synthesis

Deep learning for vulnerability detection has shown promising results on early benchmarks, but recent evaluations reveal catastrophic degradation: models achieving F1 0.68 on legacy datasets collapse to 0.031 under strict deduplication. We identify the root cause as the semantic ambiguity problem...

AI score 5.7
Exploits: 0
OSSF Malicious Packages
added 2026/04/19 6:36 p.m. | 7 views

Malicious code in react-spa-shadcn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b0a6436d822911c9ab59cb73cdf9c25c0dfa562feb406fcfa450ad964418f89 The package react-spa-shadcn was found to contain malicious code. Source: ghsa-malware da9de249511ac32f8d560921d4da27724c126e29260a8fb7c4acb1da70c6b7...

AI score 5.8
Exploits: 0 | References: 1
GithubExploit
added 2026/04/19 7:34 a.m. | 101 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/19 12:0 a.m. | 6 views

SuperAGI security vulnerability

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from operations on the file...

CVSS 5.5 | AI score 6.1 | EPSS 0.003
Exploits: 0 | References: 1
Packet Storm News
added 2026/04/19 12:0 a.m. | 12 views

GuardPhish: Securing Open-Source LLMs from Phishing Abuse

The rapid adoption of open-source Large Language Models (LLMs) in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/18 12:0 a.m. | 6 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

CVSS 7.2 | AI score 6.1 | EPSS 0.00822
Exploits: 0 | References: 2
CNNVD
added 2026/04/18 12:0 a.m. | 4 views

Gitroom Postiz security vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz prior to 2.21.6 contained security vulnerabilities. These vulnerabilities were caused by a bypass in file upload validation, which could lead to storage-side cross-site scripting attacks...

CVSS 9 | AI score 5.7 | EPSS 0.00224
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/17 11:16 p.m. | 2 views

CVE-2026-40582

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication...

CVSS 9.1 | AI score 5.7 | EPSS 0.00502
Exploits: 0 | References: 4 | Affected Software: 1