CVE-2026-33816 CVE-2026-33816 in github.com/jackc/pgx
Memory-safety vulnerability in github.com/jackc/pgx/v5...
GO-2026-4736 GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute in github.com/osrg/gobgp
GoBGP vulnerable to a denial of service via the NEXTHOP path attribute in github.com/osrg/gobgp...
GO-2026-4772 CVE-2026-33816 in github.com/jackc/pgx
Memory-safety vulnerability in github.com/jackc/pgx/v5...
GO-2026-4790 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats
Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service in github.com/elastic/beats...
GO-2026-4886 Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus...
GO-2026-4885 Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus...
GO-2026-4882 Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus...
GO-2026-4881 Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus...
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
By Diana Brown. Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...
GHSA-C427-H43C-VF67 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kserve, airflow, checkov, open-webui, dask-kubernetes, py3-cassandra-medusa...
GHSA-M5QP-6W8W-W647 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kserve, airflow, checkov, open-webui, dask-kubernetes, py3-cassandra-medusa...
Emissary command injection vulnerability
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a command injection vulnerability. This vulnerability stemmed from shell injection points in the GitHub Actions workflow files. User-controlled...
PT-2026-31009
Name of the Vulnerable Software and Affected Versions: dbt (affected versions not specified). Description: dbt allows data analysts and engineers to transform data using software engineering practices. A command injection issue exists in the workflow located at...
GHSA-2WVG-62QM-GJ33
creationtimestamp | type | source
---|---|---
2026-04-06 21:21:26+00:00 | published-proof-of-concept | Telegram/xKxKUYX0BRejEqYlrURXsjCQY9BctYcoeewNmSMWqY7riM...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2023-27997 XORtigate Detection System: an automated system for detecting...
GHSA-RRVG-CXH4-QHRV vulnerabilities
Vulnerabilities for packages: py3-oauthenticator...
GHSA-6326-W46W-PPJW
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:44+00:00 | seen | Telegram/RmP7l-K41x9UoCBscD5W8eizA4yDJaPJqAKKOeWwXNyu-8...
GHSA-V8X3-W674-55P5
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:29+00:00 | published-proof-of-concept | Telegram/0wjdVVOdHVRh-NR-AUdnOvXJcqqbi6lE8Vl80iGy2s6Zy0...
GHSA-WC4H-2348-JC3P
creationtimestamp | type | source
---|---|---
2026-04-06 19:29:09+00:00 | seen | Telegram/t1F-Vxaulmn07lvg5ppSTSOssGvqtwkUpkkBVUVRjFPlk...
CVE-2026-27124
A flaw was found in FastMCP and FastMCP OAuthProxy. The OAuthProxy, used for GitHub OAuth authentication, does not properly validate a user's consent after receiving an authorization code from GitHub. This, combined with GitHub's behavior of skipping the consent page for previously authorized...