CVE-2026-7063

The CVE-2026-7063 entry concerns code-projects Employee Management System 1.0, specifically the Endpoint component’s file /370project/process/eprocess.php. The vulnerability arises from manipulating the pwd argument, leading to SQL injection. Exploitation is described as remote and the exploit is...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the pwd parameter in the...

[SECURITY] Fedora 44 Update: composer-2.9.7-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

[SECURITY] Fedora 44 Update: goose-1.23.2-8.fc44

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

BIT-GITLAB-2026-5377 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

[SECURITY] Fedora 42 Update: composer-2.9.7-1.fc42

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

EUVD-2026-25044

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

CVE-2026-5377 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

CVE-2026-5377 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

CVE-2026-5377

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process...

CVE-2026-5377

Summary: CVE-2026-5377 affects GitLab CE/EE prior to 18.11.1. The vulnerability arises from improper access control in the issue description rendering process, which could allow an authenticated user to view titles of confidential or private issues in public projects. Affected versions: GitLab 18...

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +1085 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=7.0.0 <=7.0.4)

org.springframework.security:spring-security-core MAVEN version =7.0.0, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab CE/EE prior to 18.11.1 contained a security...

PT-2026-34519

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.0 Description Improper access control in the issue description rendering process could allow an authenticated user to access titles of confidential or private issues within public projects...

GitLab 18.11 < 18.11.1 (CVE-2026-5377)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in publ...

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply...

CVE-2026-6614

TransformerOptimus SuperAGI

Langflow vulnerable to injection

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

EUVD-2026-23762

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function getclientip/installmcpconfig in the...