29579 matches found
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the magnify when an unrecognized magnify:method value is provided. An attacker can cause a denial of service by triggering an out-of-bounds read during image processing. Remediation: A fix was pushed into t...
CVE-2026-41061
creationtimestamp| type| source
---|---|---
2026-04-14 23:22:21+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-8pv3-29pp-pf8f...
GHSA-W8C4-C7R8-QGW2
creationtimestamp| type| source
---|---|---
2026-04-14 23:21:40+00:00| published-proof-of-concept| Telegram/vFalP9cCg-kFoPrSdHM4ZH4qnLHRdngXJCuq8FbW2RkF4k...
CVE-2026-40594
creationtimestamp| type| source
---|---|---
2026-04-14 21:24:21+00:00| published-proof-of-concept| https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v...
Vulnerabilities fixed in Microsoft Developer tools
Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage:
- Denial-of-Service (DoS)
- Accessing sensitive data
- Circumvention of a security...
EUVD-2026-22359
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...
CVE-2026-23653
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...
GHSA-WJ62-C5GR-2X53
creationtimestamp| type| source
---|---|---
2026-04-14 17:27:49+00:00| seen| Telegram/X69Hoh64i7djUBejuAQijXCf66JncuFnYRKez2YtZF33U...
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
...
CVE-2026-23653
The CVE-2026-23653 vulnerability affects GitHub Copilot and the Visual Studio Code Copilot Chat Extension. It is described as an information disclosure caused by improper neutralization of special elements used in a command (command injection), potentially allowing an authorized user to disclose ...
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
...
CVE-2026-40479
creationtimestamp| type| source
---|---|---
2026-04-14 14:03:14+00:00| published-proof-of-concept| https://github.com/kimai/kimai/security/advisories/GHSA-g82g-m9vx-vhjg...
GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...
GHSA-R4Q5-VMMM-2653
creationtimestamp| type| source
---|---|---
2026-04-14 12:01:09+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mjhdhgn23o2t
2026-04-20 01:05:19+00:00| seen| https://gist.github.com/konard/dc529ad3e07305daab99c78bc17d7ea6
2026-04-24 12:00:56+00:00| seen|...
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls...
Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...
GHSA-G985-WJH9-QXXC
creationtimestamp| type| source
---|---|---
2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...
CVE-2026-40313
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
EUVD-2026-22214
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...