29437 matches found

Circl
added 2026/04/27 8:15 p.m., 4 views

CVE-2026-44226

creationtimestamp | type | source
---|---|---
2026-04-27 20:15:32+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-c3gc-9pf2-84gg...

CVSS 5.3, AI score 5.8, EPSS 0.00067
Exploits: 1, References: 1
RedhatCVE
added 2026/04/27 7:23 p.m., 1 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4, AI score 5.4, EPSS 0.00044
Exploits: 1, References: 1
Circl
added 2026/04/27 6:0 p.m., 4 views

CVE-2026-44222

creationtimestamp | type | source
---|---|---
2026-04-27 18:00:06+00:00 | published-proof-of-concept | https://github.com/vllm-project/vllm/security/advisories/GHSA-hpv8-x276-m59f...

CVSS 7.5, AI score 5.8, EPSS 0.00014
Exploits: 1, References: 1
Circl
added 2026/04/27 3:2 p.m., 5 views

CVE-2026-43881

creationtimestamp | type | source
---|---|---
2026-04-27 15:02:44+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-6rvw-7p8v-mjfq...

CVSS 5.3, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 1
The Hacker News
added 2026/04/27 2:19 p.m., 5 views

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that...

AI score 5.9
Exploits: 0
Circl
added 2026/04/27 5:24 a.m., 7 views

CVE-2026-42045

creationtimestamp | type | source
---|---|---
2026-04-27 05:24:20+00:00 | published-proof-of-concept | https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq...

CVSS 6.2, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork co...

CVSS 7.4, AI score 5.9, EPSS 0.00044
Exploits: 1, References: 2
OSSF Malicious Packages
added 2026/04/26 3:49 p.m., 3 views

Malicious code in robase-gui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 5.7
Exploits: 0, References: 9
Snyk
added 2026/04/26 2:10 p.m., 7 views

Arbitrary Command Injection

Overview: ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Arbitrary Command Injection via the shell.write function. An attacker can execute arbitrary system commands by supplying crafted inpu...

CVSS 8.5, AI score 6.1, EPSS 0.00096
Exploits: 0, References: 2
Snyk
added 2026/04/26 8:9 a.m., 1 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the ExecuteSQL function. An attacker can execute arbitrary SQL commands by supplying crafted input to the application. Remediation: A fix was pushed into the master branch but not yet published. References: - GitHub Comm...

CVSS 8.8, AI score 6.1, EPSS 0.00015
Exploits: 1, References: 2
vulnersOsv
added 2026/04/25 11:49 p.m., 4 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.4.2)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-J4C5-89F5-F3PM...

AI score 5.8
Exploits: 0
OSV
added 2026/04/25 7:52 p.m., 2 views

MAL-2026-3043 Malicious code in rosolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

AI score 5.8
Exploits: 0, References: 9
Circl
added 2026/04/25 1:59 p.m., 3 views

CVE-2026-43901

creationtimestamp | type | source
---|---|---
2026-04-25 13:59:39+00:00 | published-proof-of-concept | https://github.com/bx33661/Wireshark-MCP/security/advisories/GHSA-3r68-x3xc-rxpg...

CVSS 6.8, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 1
Chainguard
added 2026/04/25 1:17 p.m., 3 views

GHSA-28JG-CGG7-J4WC vulnerabilities

Vulnerabilities for packages: apache-nifi, debezium-connector-informix, debezium-connector-spanner, debezium-connector-ibmi, debezium...

AI score 5.4
Exploits: 0
Circl
added 2026/04/25 1:6 a.m., 3 views

CVE-2026-43877

creationtimestamp | type | source
---|---|---
2026-04-25 01:06:24+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-jw8g-5j46-44rp...

CVSS 5.4, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 1
Circl
added 2026/04/24 10:53 p.m., 1 views

GHSA-PMWG-CVHR-8VH7

creationtimestamp | type | source
---|---|---
2026-04-24 22:53:42+00:00 | seen | Telegram/Vx6nINpqXkyN9lWmYzg7wzzb7SobZ66OCYhgiINimz-nM3E
2026-05-05 05:40:29+00:00 | seen | https://gist.github.com/alon710/1fe74fd0f0234822bdcb48ade706690f...

AI score 5.8
Exploits: 0, References: 1
Github Security Blog
added 2026/04/24 7:30 p.m., 31 views

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary: Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

AI score 6.5
Exploits: 0, References: 2, Affected Software: 2
Circl
added 2026/04/24 7:23 p.m., 1 views

GHSA-6CHQ-WFR3-2HJ9

creationtimestamp | type | source
---|---|---
2026-04-24 19:23:26+00:00 | seen | Telegram/FGivxNz61ghqDj4ER4orUo942MC3d41x9N89ngSi7socZnE...

AI score 4.8
Exploits: 0
NVD
added 2026/04/24 7:17 p.m., 2 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4, EPSS 0.00044
Exploits: 1, References: 3
EUVD
added 2026/04/24 6:32 p.m., 1 views

EUVD-2026-25596

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4, AI score 5.3, EPSS 0.00044
Exploits: 1, References: 2