29472 matches found
security-research
Security Research & Vulnerability Proof-of-Concepts Welcome t...
GHSA-6HRP-7FQ9-3QV2
creationtimestamp | type | source
---|---|---
2026-03-27 03:18:12+00:00 | seen | Telegram/wovzpCQvp7hlTQxwTsDEYFJDESQHFA6mVe176dFHuk85of0...
GHSA-7H8W-HJ9J-8RJW
creationtimestamp | type | source
---|---|---
2026-03-27 03:17:50+00:00 | published-proof-of-concept | Telegram/GblWBcVIPYIrXGBoPy7bAM0O64UdRepvGT6caCd3l3fA...
PT-2026-28280
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commit...
Wazuh Security Vulnerability
Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Version 4.12.0 of Wazuh contains a security vulnerability. This vulnerability stems from...
CVE-2026-28786
creationtimestamp | type | source
---|---|---
2026-03-26 23:29:07+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-vvxm-vxmr-624h...
GHSA-3WJR-6GW8-9J22
creationtimestamp | type | source
---|---|---
2026-03-26 21:36:49+00:00 | seen | Telegram/knkV6U7RC4OpKxR0GhJKoJS2C9ZLnhn5rNmC0CAguDvjk...
Incorrect Authorization
Overview: @openclaw/tlon is an OpenClaw Tlon/Urbit channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization via the cite expansion process before authorization is complete. An attacker can access or manipulate content prior to proper authorization by triggering ci...
GO-2026-4862 OpenBao has Reflected XSS in its OIDC authentication error message in github.com/openbao/openbao
GO-2026-4838 Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint in github.com/lin-snow/ech0
GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server
GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api
GO-2026-4824 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution in github.com/pinchtab/pinchtab
GO-2026-4817 GoDoxy has a Path Traversal Vulnerability in its File API in github.com/yusing/godoxy
GO-2026-4717 Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo
GO-2026-4713 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser
GHSA-4MQ7-PVJG-XP2R
creationtimestamp | type | source
---|---|---
2026-03-26 19:26:19+00:00 | published-proof-of-concept | Telegram/Dv-WNIQSBfenZP-L8llbvWNomtb7L7cuRFseuDShUkzpu6g...
GHSA-4773-3JFM-QMX3 vulnerabilities
Vulnerabilities for packages: nacos, apache-nifi-registry, thingsboard, camunda-zeebe, kafbat-ui-fips, camunda, kafbat-ui, apache-activemq-fips, nacos-docker, apache-activemq...
Replay Attack
Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Replay Attack due to improper derivation of the replay key in the webhook-security.ts process. An attacker can bypass replay protection and submit multiple authenticated requests by...
GHSA-F9P7-3JQG-HHVQ
creationtimestamp | type | source
---|---|---
2026-03-26 18:14:49+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/squid-security-advisory-av26-284...