Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

GHSA-2599-H6XX-HPXP vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa...

GHSA-JCXM-M3JX-F287

creationtimestamp| type| source ---|---|--- 2026-04-13 19:19:04+00:00| published-proof-of-concept| Telegram/61DYlWTca6IkcTFpN2RYBtwr9MKXFEKysLP63-1xRoUERI...

CVE-2026-40907

creationtimestamp| type| source ---|---|--- 2026-04-13 12:03:15+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7...

GHSA-3P68-RC4W-QGX5

creationtimestamp| type| source ---|---|--- 2026-04-13 12:02:56+00:00| seen| https://gist.github.com/subaruoutbacksteakhouse/755867cb60dca06f145990b4865d6eee 2026-04-20 01:05:19+00:00| seen| https://gist.github.com/konard/dc529ad3e07305daab99c78bc17d7ea6 2026-04-27 21:04:47+00:00| seen|...

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macO...

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

GHSA-67JX-R9PV-98RJ vulnerabilities

Vulnerabilities for packages: traefik...

GHSA-9M3C-QCXR-9X87 vulnerabilities

Vulnerabilities for packages: nacos, ontop, thingsboard, camunda-zeebe, kayenta, camunda, ontop-fips, nacos-docker, kayenta-fips...

CVE-2026-4106

creationtimestamp| type| source ---|---|--- 2026-04-12 01:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/79929 2026-04-12 02:46:41+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4106.yaml 2026-04-12 03:00:07+00:00|...

Malicious code in robase-installer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Exploit for CVE-2026-39866

CVE-2026-39866 — Command Injection via unquoted workflow dispa...

GHSA-GM3X-23WP-HC2C vulnerabilities

Vulnerabilities for packages: traefik...

GHSA-QH6H-P6C9-FF54 vulnerabilities

Vulnerabilities for packages: py3-langchain...

GHSA-R6QV-FRPC-Q66C vulnerabilities

Vulnerabilities for packages: jenkins...

GHSA-VGPV-F759-9WX3 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.2-rails, ruby3.4-rails, kube-fluentd-operator...

GHSA-XV6W-GXJ8-V943 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-6R7G-3MM3-FHW7 vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-326M-34V3-GV5P vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: grafana-rollout-operator, malcontent, victoriametrics, apko, stakater-reloader, rabbitmq-messaging-topology-operator, flux-helm-controller, fluxcd-kustomize-mutating-webhook, mariadb-operator, sftpgo-plugin-eventsearch, mountpoint-s3-csi-driver, nodetaint,...