57124 matches found
PT-2026-32151
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be use...
PT-2026-32141
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...
Exploit for Path Traversal in Gogs
GOGS RCE cve-2025-8110 Gogs is a lightweight and self-hosted...
Exploit for CVE-2025-81110
CVE-2025-81110-PoC Improper Symbolic link handling in the PutC...
EUVD-2026-21682
A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...
MAL-2026-2563 Malicious code in robase-installer (PyPI)
Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CVE-2026-31845
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...
Exploit for Improper Neutralization of Special Elements in Data Query Logic in Facturascripts
CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER...
MAL-2026-2561 Malicious code in robase-help (PyPI)
Source: kam193 b83143e22b0a815d6a2702f547ae9f4620ee086c8b9360a0d60ff2ed2186d56b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2559 Malicious code in databasesupalake (PyPI)
Source: kam193 78dbe2b5e300604ea36dc85a6b0e9eae4e92b7b3729de10b3951f5e3bfc7729b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: zot, chartmuseum, consul-k8s, cilium-cli, istio, zarf, flux, k8ssandra-client, helm-docs, kubescape, cerbos, helm-operator, chart-testing, rancher-fleet, tw, nova, trivy-operator, linkerd2, headlamp, k9s, trivy, envoy-gateway, teleport, harbor, cert-manager-cmctl,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: zot, chartmuseum, consul-k8s, cilium-cli, istio, zarf, flux, k8ssandra-client, helm-docs, kubescape, cerbos, helm-operator, chart-testing, rancher-fleet, tw, nova, trivy-operator, linkerd2, headlamp, k9s, trivy, envoy-gateway, teleport, harbor, cert-manager-cmctl,...
MAL-2026-2556 Malicious code in api-analysis (PyPI)
Source: kam193 c3bf88cef3ca699f69bada95749b40c4426c9a9c528e53c473698be88cbdc783 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: trivy, cloudbeat-fips, k9s-fips, kube-arangodb-fips, tigera-operator-fips, kots, trivy-operator, chartmuseum, istio, tigera-operator, harbor, chaos-mesh-fips, tw, chart-testing, kubescape-server-fips, harbor-fips, teleport, zot, gitlab-operator, chaos-mesh,...
MAL-2026-2558 Malicious code in robase-utils (PyPI)
Source: kam193 e68a1df331005b75fc4c5e3aac4adf912ec273dd9c6fa671128aa73c96e3a935 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2555 Malicious code in api-feature (PyPI)
Source: kam193 c86a3079da8157aef32d5d4c4f2420239981a142fc1150eb0ac2e695be2779e9 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in @sap-px/pxapi (npm)
Source: amazon-inspector c70a3dbae0518bc379bebf8a6eecf65c9b7ed68be4b1e352a458a42ba77b5b2d The package @sap-px/pxapi was found to contain malicious code. Source: ghsa-malware f83795730a6230997fb73e029559ad586c6130bc00c0cc6740e3d82f2250b452...
MAL-2026-2545 Malicious code in @sap-px/pxapi (npm)
Source: amazon-inspector c70a3dbae0518bc379bebf8a6eecf65c9b7ed68be4b1e352a458a42ba77b5b2d The package @sap-px/pxapi was found to contain malicious code. Source: ghsa-malware f83795730a6230997fb73e029559ad586c6130bc00c0cc6740e3d82f2250b452...