572 matches found
LoLLMs 授权问题漏洞
LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI. Versions of LoLLMs 2.2.0 and earlier contained an authorization vulnerability. This vulnerability stemmed from the lack of mandatory authentication for the/api/files/extract-text endpoint, which could lead to...
Fleet SQL注入漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a SQL...
elixir-nodejs 竞争条件问题漏洞
Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...
DEBIAN-CVE-2026-4371
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...
UBUNTU-CVE-2026-4371
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...
PT-2026-27517
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A specially crafted email could contain malformed strings with negative lengths, leading to a memory read outside of the intended buffer. Successful exploitation...
kargo 代码问题漏洞
Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.6.3, 1.7.8 and earlier, 1.8.11 and earlier, as well as 1.9.4 and earlier, have code vulnerabilities. These vulnerabilities stem from server-side request forgery during the HTTP and http-download...
PT-2026-25315
CVE-2026-225757: GetGenie WP plugin IDOR flaw all ≤4.3.2 lets unauth users access/modify/delete arbitrary objects via ID manipulation. Update to 4.3.3 now—check for leaked data. CyberSec WordPress IDOR https://t.co/HVW0fbWe9M...
[SECURITY] [DSA 6159-1] imagemagick security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6159-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 10, 2026 https://www.debian.org/security/faq -...
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.3 and 8.6.16 contain security vulnerabilities. These vulnerabilities stem from the lack of enforceable class-level...
OneUptime 安全漏洞
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained security vulnerabilities. These vulnerabilities stemmed from bypasses in authorization and tenant isolation, which could...
LeakIX Search
This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...
Shannon 信任管理问题漏洞
Shannon is an open-source white-box penetration testing tool developed by KeygraphHQ. Shannon has a vulnerability related to trust management, which stems from hardcoded API keys in router configurations. This vulnerability could allow unauthenticated attackers to make proxy requests and...
USN-8076-1: Qt vulnerabilities
It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. CVE-2020-13962 It was discovered that Qt incorrectly handled certain XBM image files. If a user or...
ClawShield 1.0.0
ClawShield is a security proxy for AI agents. It scans all inbound and outbound messages for prompt injection, PII leaks, and secrets...
pgvector 安全漏洞
pgvector is an open-source Postgres vector similarity search tool developed by pgvector. Versions 0.6.0 to 0.8.1 of pgvector contain security vulnerabilities. These vulnerabilities stem from buffer overflows during the parallel HNSW index construction process, which could lead to data leaks or...
CVE-2026-1857
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...
PanCafe Pro 安全漏洞
PanCafe Pro is an internet cafe billing and management software developed by the Turkish company PanCafe. Versions of PanCafe Pro prior to version 3.3.2 up to 23092025 contained security vulnerabilities. These vulnerabilities were due to the transmission of sensitive information in plain text,...
Vadi Corporate Information Systems DigiKent 安全漏洞
Vadi Corporate Information Systems DigiKent is an internet platform operated by Vadi Corporate Information Systems in Turkey. Vadi Corporate Information Systems DigiKent versions prior to 13092025 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of sensitive...