OpenSSL Toolkit 4.0.0

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...

PT-2026-32929

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

LLM-Guided Prompt Evolution for Password Guessing

Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the use of storage-oriented cross-site scripting in the application name or icon...

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a Eval injection flaw in the Markdown rendering engine, which could allow any use...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI 0.7.2 and earlier contain security vulnerabilities. These vulnerabilities stem from a feature that allows for image editing through prompts, which enables blind server-side...

MaxKB 跨站脚本漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.7.1 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the front-end MdRenderer.vue component, which bypassed standard...

SourceCodester Online Employees Work From Home Attendance System 安全漏洞

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

Uppy 安全漏洞

Uppy is an open-source file uploader developed by Transloadit, designed for web browsers. Version 0.25.6 of Uppy contains a security vulnerability, which stems from the use of incompatible types to access resources...

Docmost 授权问题漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...

Docmost 跨站脚本漏洞

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.70.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of MIME type deception, which could lead to storage-based cross-site...

nanobot 安全漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.5 contained a security vulnerability; this vulnerability stemmed from the WebSocket server not verifying the Origin header, which could lead to cross-site WebSocket hijacking...

Security-Advisories

Security Advisories — trexnegr0 Public disclosure repository...

OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures

OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems...

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

EUVD-2026-21850

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

EUVD-2026-21824

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

EUVD-2026-21820

Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVE-2026-40447

Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...