PT-2026-26754

Name of the Vulnerable Software and Affected Versions orpc versions prior to 1.13.9 Description orpc, a tool for building type-safe APIs adhering to OpenAPI standards, contains a stored cross-site scripting XSS issue in its OpenAPI documentation generation. An attacker controlling fields within t...

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities. These vulnerabilities st...

UBUNTU-CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

EUVD-2026-12749

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution , eg. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

ai-pocs

AI PoCs Workspace Personal workspace for AI/LLM experiments a...

Quip MCP Server 命令注入漏洞

Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...

[SECURITY] Fedora 44 Update: python3.11-3.11.15-1.fc44

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

[SECURITY] Fedora 44 Update: python3.10-3.10.20-1.fc44

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

[SECURITY] Fedora 44 Update: gstreamer1-doc-1.28.1-1.fc44

GStreamer documentation...

MINI-Q6GH-5VCM-X8XW

Bulletin has no description...

MINI-7QVH-WXXC-3WFP

Bulletin has no description...

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

PT-2026-24575

Name of the Vulnerable Software and Affected Versions netbox-docker versions prior to 2.5.0 Description The netbox-docker software, before version 2.5.0, includes a superuser account with default credentials. Specifically, the admin account has a default password, and the SUPERUSER API TOKEN is s...

EUVD-2026-10480

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

UBUNTU-CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

PT-2026-24199

Name of the Vulnerable Software and Affected Versions Apache PDFBox versions 2.0.24 through 2.0.36 Apache PDFBox versions 3.0.0 through 3.0.7 Description The ExtractEmbeddedFiles example within Apache PDFBox contains a path traversal issue. The filename obtained from...

CVE-2026-3721

A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...

Coverage-Guided Multi-Agent Harness Generation for Java Library Fuzzing

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming and requires deep understanding of API semantics,...

EUVD-2026-10225

A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...

CVE-2026-3721

A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...