739 matches found

CNVD
added 2026/03/26 12:0 a.m. | 1 views

OpenClaw Security Bypass Vulnerability (CNVD-2026-16055)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to bypass interactive approval prompts...

CVSS 5.4 | AI score 5.9 | EPSS 0.00257
Exploits: 0

CNNVD
added 2026/03/19 12:0 a.m. | 6 views

DesDev DedeCMS Security Vulnerability

DesDev DedeCMS is an open-source content management system (CMS) developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Versions of DesDev DedeCMS 5.7.118 and earlier conta...

CVSS 9.8 | AI score 6 | EPSS 0.0068
Exploits: 1 | References: 2

EUVD
added 2026/03/12 2:12 p.m. | 2 views

EUVD-2026-10389

ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write...

CVSS 8.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 3

EUVD
added 2026/03/11 8:53 p.m. | 5 views

EUVD-2026-11401

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

CVSS 8.8 | AI score 5.8 | EPSS 0.00327
Exploits: 2 | References: 1

EUVD
added 2026/03/11 4:6 p.m. | 3 views

EUVD-2026-11235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...

CVSS 6.5 | AI score 5.8 | EPSS 0.00322
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24698

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8.8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 11

CNVD
added 2026/03/02 12:0 a.m. | 2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13377)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...

CVSS 6.8 | AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 1

OSV
added 2026/02/24 2:16 a.m. | 2 views

UBUNTU-CVE-2026-25967

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-1...

CVSS 7.5 | AI score 6.2 | EPSS 0.00319
Exploits: 0 | References: 3

CNNVD
added 2026/02/24 12:0 a.m. | 8 views

Mozilla Firefox and Mozilla Thunderbird Resource Management Error Vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

CVSS 9.8 | AI score 7.3 | EPSS 0.00302
Exploits: 0 | References: 3

Packet Storm News
added 2026/02/07 12:0 a.m. | 4 views

SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned

DARPA's AI Cyber Challenge (AIxCC, 2023--2025) is the largest competition to date for building fully autonomous cyber reasoning systems (CRSs) that leverage recent advances in AI -- particularly large language models (LLMs) -- to discover and remediate vulnerabilities in real-world open-source software...

AI score 5.8
Exploits: 0

CNNVD
added 2026/02/04 12:0 a.m. | 6 views

GLPI Authorization Issue Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 6.5 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 4

CNNVD
added 2026/02/04 12:0 a.m. | 7 views

GLPI SQL Injection Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 8.8 | AI score 6 | EPSS 0.00264
Exploits: 0 | References: 3

CNNVD
added 2026/02/02 12:0 a.m. | 4 views

raspap-webgui OS Command Injection Vulnerability

Raspap-webgui is an open-source wireless router configuration software developed by RaspAP. Versions of raspap-webgui prior to 3.3.6 contained a vulnerability related to operating system command injection. This vulnerability was due to the susceptibility to OS command injection attacks, which cou...

CVSS 8.8 | AI score 7.5 | EPSS 0.0133
Exploits: 0 | References: 3

Packet Storm News
added 2026/01/30 12:0 a.m. | 5 views

Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects

Open-source software (OSS) dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...

AI score 5.6
Exploits: 0

EUVD
added 2026/01/27 12:32 a.m. | 5 views

EUVD-2026-4743

QGIS is a free, open source, cross platform geographical information system (GIS). The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVSS 8.7 | AI score 6.2 | EPSS 0.00414
Exploits: 0 | References: 2

CNNVD
added 2026/01/21 12:0 a.m. | 3 views

Everest-core security vulnerabilities

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of everest-core prior to 2025.10.0 contained security vulnerabilities. These vulnerabilities allowed attackers to exhaust the operating system’s memory by establishing an...

CVSS 7.4 | AI score 5.8 | EPSS 0.00351
Exploits: 1 | References: 4

CNNVD
added 2026/01/15 12:0 a.m. | 5 views

LAS security vulnerabilities

LAS is open-source server software developed by the Pacific Marine Environmental Laboratory. LAS has a security vulnerability that stems from the PyFerret expression used in specially crafted requests, potentially leading to remote code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.01199
Exploits: 0 | References: 7

Packet Storm News
added 2026/01/11 12:0 a.m. | 3 views

Operational Runtime Behavior Mining for Open-Source Supply Chain Security

Open-source software (OSS) is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime observations collected from sandboxed executions to investigate...

AI score 7.2
Exploits: 0

RedhatCVE
added 2026/01/09 9:21 a.m. | 9 views

CVE-2021-41156

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses the browsertoday hidden control on a few pages to collect today's date from user browsers. Because this parameter was not checked for sanity in versions prior to 1.19.30.5601, it was possible to craf...

CVSS 6.8 | AI score 7 | EPSS 0.00478
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 5 views

CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...

CVSS 9.8 | AI score 7.2 | EPSS 0.01467
Exploits: 0 | References: 1