20392 matches found
GHSA-W6V6-49GH-MC9W Flowise: Path Traversal in Vector Store basePath
Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...
Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)
Azure File Sync Agent v22.3 Release – April 2026 KB5087090...
Moderate: Red Hat Security Advisory: New container image: rhceph-9.0
A new version of Red Hat build of Ceph Storage has been released The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 9.0. This release updates to the latest version...
CVE-2026-33121
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
OPENSUSE-SU-2026:20554-1 Security update for dovecot24
This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...
CLSA-2026-1776334207 gstreamer1-plugins-base: Fix of CVE-2026-2921
CVE-2026-2921: fix RIFF palette integer overflow...
CLSA-2026-1776333493 ghostscript: Fix of CVE-2024-29508
CVE-2024-29508: fix heap-based pointer disclosure in pdfbasefontalloc...
org.sonatype.nexus.assemblies:nexus-base-feature (>=3.4.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02) +3 more potentially affected by CVE-2026-5189 via org.sonatype.nexus:nexus-base (>=3.10.0-04 <=3.70.1-02)
org.sonatype.nexus:nexus-base MAVEN version =3.10.0-04, =3.4.0-02, =3.60.0-02, =3.4.0-02, =0.1.6, =3.48.0-01, =3.70.1-02 Source cves: CVE-2026-5189 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-16427423...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...
Malicious Package
Overview tether-wrk-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview base-counter-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in base-counter-web (npm)
Source: amazon-inspector 0d62a2050cc5eeb2ef06d0fc82867045f7b3d45cb4285dee67a182482ec29fb7 The package base-counter-web was found to contain malicious code. Source: ghsa-malware a14be5d8c05cd4abe5d7c7cc81e7da406ff18dfed1f6b64d1eb731c9344b4e...
MAL-2026-2691 Malicious code in base-counter-web (npm)
Source: amazon-inspector 0d62a2050cc5eeb2ef06d0fc82867045f7b3d45cb4285dee67a182482ec29fb7 The package base-counter-web was found to contain malicious code. Source: ghsa-malware a14be5d8c05cd4abe5d7c7cc81e7da406ff18dfed1f6b64d1eb731c9344b4e...
pentest-with-LLM
🛡️ pentest-with-LLM - Run Guided Security Testing...
GROWI security vulnerability
GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.4.6 and earlier have a stored cross-site scripting (XSS) vulnerability, which could allow arbitrary scripts to be executed in the user...
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 (KB5084066)
2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 KB5084066...
2026-04 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5082198)
2026-04 Cumulative Update for Windows 10 Version 1607 for x86-based Systems KB5082198...