PT-2026-5339

Name of the Vulnerable Software and Affected Versions Monkey affected versions not specified Description A use-after-free issue exists in the mk http request end function located in mk server/mk http.c. This flaw allows attackers to potentially cause a Denial of Service DoS by sending a specially...

EUVD-2025-206521

A stack overflow in the mkhttpindexlookup function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63658

CVE-2025-63658 is a stack overflow vulnerability in the Monkey server code. The flaw resides in the mk_http_index_lookup function (mk_server/mk_http.c) triggered by handling crafted HTTP requests, leading to Denial of Service. The observed root cause is a stack overflow in the handling/lookup log...

PT-2026-5340

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the mk vhost fdt close function located in mk server/mk vhost.c. This issue allows attackers to cause a Denial of Service DoS by sending a crafted HTTP request to the server...

EUVD-2025-206526

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

PT-2026-5342

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the header cmp function located in mk server/mk http parser.c. This issue allows attackers to cause a Denial of Service DoS by sending a crafted HTTP request to the server...

PT-2026-5337

Name of the Vulnerable Software and Affected Versions monkey commit f37e984 Description An out-of-bounds read exists in the mk ptr to buf function within the mk core function located in mk memory.c. This issue can be triggered by sending a specially crafted HTTP request to the server, potentially...

EUVD-2025-206527

A use-after-free in the mkhttprequestend function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2026-1444

A vulnerability has been found in iJason-Liu BooksManager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/bookscenter/addbookcheck.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. T...

SUSE CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

UBUNTU-CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

EUVD-2026-4743

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVE-2026-24480 QGIS had validated RCE and Repository Takeover via GitHub Actions

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

PT-2026-5027

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.1 Description RAGFlow, an open-source RAG Retrieval-Augmented Generation engine, contains a “Zip Slip” issue in the MinerU parser. This allows an attacker to overwrite arbitrary files on the server, potentially...

CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection

Secure code review is critical at the pre-commit stage, where vulnerabilities must be caught early under tight latency and limited-context constraints. Existing SAST-based checks are noisy and often miss immature, context-dependent vulnerabilities, while standalone Large Language Models LLMs are...

PT-2026-4840

Name of the Vulnerable Software and Affected Versions QGIS versions prior to commit 76a693cd91650f9b4e83edac525e5e4f90d954e9 Description The QGIS repository contained a GitHub Actions workflow named "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was susceptible ...