
28663 matches found

ATTACKERKB
added 2026/04/02 11:45 a.m., 0 views

CVE-2026-5327

A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack can be carried out remotely. The exploit has been...

CVSS 6.5 | AI score 6.3 | EPSS 0.0111
Exploits 0 | References 6 | Affected software 1
Circl
added 2026/04/02 4:59 a.m., 2 views

CVE-2026-28358

| creation timestamp | type | source |
|---|---|---|
| 2026-04-02 04:59:00+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-28358.yaml... |

CVSS 6.9 | AI score 5.8 | EPSS 0.00601
Exploits 0 | References 1
Positive Technologies
added 2026/04/02 12:00 a.m., 3 views

PT-2026-29859

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes SQL injection. Remote exploitation of the attack is possible. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00326
Exploits 1 | References 5
Positive Technologies
added 2026/04/02 12:00 a.m., 3 views

PT-2026-29864

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

CVSS 9.9 | AI score 5.8 | EPSS 0.0027
Exploits 0 | References 6
Positive Technologies
added 2026/04/02 12:00 a.m., 1 view

PT-2026-29876

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

CVSS 9.2 | AI score 5.8 | EPSS 0.006
Exploits 1 | References 5
Positive Technologies
added 2026/04/02 12:00 a.m., 2 views

PT-2026-29934

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

AI score 5.9
Exploits 0 | References 5
Positive Technologies
added 2026/04/02 12:00 a.m., 4 views

PT-2026-29944

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

CVSS 9.9 | AI score 5.9 | EPSS 0.0028
Exploits 1 | References 4
Zero Day Initiative
added 2026/04/02 12:00 a.m., 8 views

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability, in that the target must open a malicious project. The specific flaw exists within the handling of mcp.json files. T...

CVSS 7.8 | AI score 6.3 | EPSS 0.01357
Exploits 0 | References 1
CNNVD
added 2026/04/02 12:00 a.m., 2 views

free5GC security vulnerability

Free5GC is an open-source project for the 5th generation (5G) mobile core network. Version 4.2.0 of Free5GC contains a security vulnerability, which stems from a type confusion issue in the aper component...

CVSS 6.3 | AI score 5.8 | EPSS 0.00427
Exploits 0 | References 8
CNNVD
added 2026/04/02 12:00 a.m., 3 views

OneUptime security vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained security vulnerabilities. These vulnerabilities stemmed from multiple notification API endpoints not registering...

CVSS 9.2 | AI score 5.8 | EPSS 0.006
Exploits 1 | References 3
Spring Engineering
added 2026/04/02 12:00 a.m., 4 views

A Bootiful Podcast: Java developer advocate Ana-Maria Mihalceanu

I had a wonderful chat with Java Developer Advocate Ana-Maria Mihalceanu about Java Flight Recorder, Project Babylon, Project Panama, and so many other exciting things in the Java ecosystem...

AI score 5.9
Exploits 0
CNNVD
added 2026/04/02 12:00 a.m., 6 views

OWASP CRS security vulnerability

OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00868
Exploits 0 | References 8
GithubExploit
added 2026/04/01 6:18 p.m., 142 views

Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo

🐧 Linux Privilege Escalation Structured notes from the TCM...

CVSS 9 | AI score 6.1 | EPSS 0.63917
Exploits 21
Cvelist
added 2026/04/01 3:54 p.m., 15 views

CVE-2026-33949 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

CVSS 8.1 | EPSS 0.00386
Exploits 0 | References 1
ATTACKERKB
added 2026/04/01 3:54 p.m., 3 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

CVSS 8.1 | AI score 6 | EPSS 0.00386
Exploits 0 | References 2 | Affected software 1
CVE
added 2026/04/01 3:54 p.m., 7 views

CVE-2026-33949

CVE-2026-33949 concerns TinaCMS’s GraphQL package, where vulnerable versions prior to 2.2.2 expose a path traversal weakness in @tinacms/graphql. The root cause is insufficient path validation (notably handling of backslashes) in getValidatedPath, allowing unauthenticated users to write/overwrite...

CVSS 8.1 | AI score 6 | EPSS 0.00386
Exploits 0 | References 1 | Affected software 1
Positive Technologies
added 2026/04/01 12:00 a.m., 1 view

PT-2026-29581

Name of the vulnerable software and affected versions: Payload versions prior to 3.79.1. Description: A flaw exists in the password recovery process that could allow an unauthenticated attacker to act on behalf of a user initiating a password reset. The issue affects users utilizing Payload versions...

CVSS 9.1 | AI score 5.9 | EPSS 0.00306
Exploits 0 | References 13
Snyk
added 2026/03/31 11:52 p.m., 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being included...

CVSS 8.8 | AI score 5.9 | EPSS 0.00407
Exploits 1 | References 2
Wired Threat Level
added 2026/03/31 5:34 p.m., 7 views

The US Military’s GPS Software Is an $8 Billion Mess

The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work...

AI score 5.9
Exploits 0
The Hacker News
added 2026/03/31 1:09 p.m., 4 views

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

AI score 6.2
Exploits 0