28667 matches found

UbuntuCve
added 2026/03/18 12:0 a.m. | 3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4 CVSS | 6 AI score | 0.00281 EPSS
Exploits 1 | References 2
EUVD
added 2026/03/17 9:31 p.m. | 3 views

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5 CVSS | 6.2 AI score | 0.00173 EPSS
Exploits 0 | References 3
Cvelist
added 2026/03/17 7:11 p.m. | 23 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5 CVSS | 0.00173 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/17 7:11 p.m. | 2 views

CVE-2026-4295 Arbitrary code execution via crafted project files in Kiro IDE

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5 CVSS | 6.2 AI score | 0.00173 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/03/17 7:11 p.m. | 3 views

CVE-2026-4295

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5 CVSS | 6.2 AI score | 0.00173 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/03/17 7:11 p.m. | 5 views

CVE-2026-4295

CVE-2026-4295 affects Kiro IDE prior to 0.8.0. Improper trust boundary enforcement may allow a remote unauthenticated actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. Affected software: K...

8.5 CVSS | 6.2 AI score | 0.00173 EPSS
Exploits 0 | References 2
CNNVD
added 2026/03/17 12:0 a.m. | 3 views

Kiro IDE security vulnerability

Kiro IDE is an integrated development environment developed by Kiro in open source. Versions of Kiro IDE prior to 0.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper execution of trust boundaries, which could allow remote, unverified threat actors to execute...

8.5 CVSS | 6.3 AI score | 0.00173 EPSS
Exploits 0 | References 2
OSV
added 2026/03/16 8:16 p.m. | 5 views

DEBIAN-CVE-2025-69693

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from...

5.4 CVSS | 5.3 AI score | 0.00266 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/16 3:30 p.m. | 5 views

EUVD-2026-12241

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

6.5 CVSS | 7 AI score | 0.00252 EPSS
Exploits 0 | References 8
Circl
added 2026/03/16 3:2 p.m. | 3 views

CVE-2026-33041

creationtimestamp | type | source
---|---|---
2026-03-16 15:02:39+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-px7x-gq96-rmp5...

5.3 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits 1 | References 1
NVD
added 2026/03/16 2:19 p.m. | 4 views

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may...

7.1 CVSS | 0.00227 EPSS
Exploits 1 | References 2
CNNVD
added 2026/03/16 12:0 a.m. | 4 views

GNU Inetutils security vulnerability

GNU Inetutils is a set of common network programs from the GNU community in the United States. Versions of GNU Inetutils 2.7 and earlier contained security vulnerabilities, which stemmed from the telnet protocol allowing servers to read arbitrary environment variables from clients through...

4.7 CVSS | 5.9 AI score | 0.00187 EPSS
Exploits 1 | References 1
Cvelist
added 2026/03/15 5:2 a.m. | 34 views

CVE-2026-4165 Worksuite HR, CRM and Project Management create cross site scripting

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8 CVSS | 0.00199 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/03/15 5:2 a.m. | 2 views

CVE-2026-4165

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8 CVSS | 3.9 AI score | 0.00199 EPSS
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2026/03/15 12:0 a.m. | 1 views

PT-2026-25567

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5 CVSS | 5.4 AI score | 0.01301 EPSS
Exploits 0 | References 6
EUVD
added 2026/03/13 8:58 p.m. | 4 views

EUVD-2026-12178

github.com/ctfer-io/monitoring Vulnerable to Improper Access Control...

7.1 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 4
EUVD
added 2026/03/13 8:57 p.m. | 2 views

EUVD-2026-12047

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script...

8.7 CVSS | 5.8 AI score | 0.00465 EPSS
Exploits 1 | References 5
OSSF Malicious Packages
added 2026/03/13 10:54 a.m. | 3 views

Malicious code in project47 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a3f77d5ebfcf087b4f055d7ce552ee0165eadf99d8cc6dcd0f3c767393099d27 Facebook hacking tool that also forces the user to follow specific accounts --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8 AI score
Exploits 0 | References 1
Fedora
added 2026/03/13 12:18 a.m. | 4 views

[SECURITY] Fedora 44 Update: easyrpg-player-0.8.1.1-5.fc44

EasyRPG Player is a game interpreter for RPG Maker 2000/2003 and EasyRPG games. To play a game, run the "easyrpg-player" executable inside a RPG Maker 2000/2003 game project folder (same place as RPGRT.exe)...

7.8 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits 1
CNNVD
added 2026/03/13 12:0 a.m. | 4 views

FreeRDP numeric error vulnerability

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained a numerical error vulnerability. This vulnerability occurred when nBlockAlign was set to 0, resulting in a zero overflow error in the MS-ADPCM and IMA-ADP...

7.5 CVSS | 5.9 AI score | 0.00303 EPSS
Exploits 1 | References 4