GO-2026-4491 Unauthenticated Admission Webhook Endpoints in Yoke ATC in github.com/yokecd/yoke
GO-2026-4444 OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva
GO-2026-4436 EVE Has Partially Predetermined Vault Key in github.com/lf-edge/eve
Authorization Bypass Through User-Controlled Key
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Serv...
poc-test-vulnerability
CVE-2026-26992

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-17 00:35:22+00:00 | published-proof-of-concept | https://github.com/librenms/librenms/security/advisories/GHSA-93fx-g747-695x... |

GHSA-W487-9R9P-6P96 vulnerabilities
Vulnerabilities for packages: gitlab-runner, gitlab-pages-fips, gitlab-rails-ce-fips, gitlab-runner-fips...
CVE-2025-70948

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-15 12:47:42+00:00 | seen | https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e |
| 2026-03-05 21:52:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdrtj6ysh2y |
| 2026-03-07 15:39:54+00:00 | seen | ... |

CVE-2026-1721

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-14 20:10:24+00:00 | seen | https://gist.github.com/alon710/4a05fc141b95fe55d99c8d4280da70ac |
| 2026-02-14 20:25:04+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3metu46houi2u... |

CVE-2026-22892

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-14 19:40:27+00:00 | seen | https://gist.github.com/alon710/d06bb6ea8a46910fb2bfdaafee30c81f |
| 2026-02-14 19:55:35+00:00 | seen | https://bsky.app/profile/flarestart.bsky.social/post/3metshhj2462a |
| 2026-02-15 09:03:22+00:00 | seen | ... |

CVE-2026-26201

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-14 03:15:16+00:00 | published-proof-of-concept | https://github.com/jm33-m0/emp3r0r/security/advisories/GHSA-f5p9-j34q-pwcc... |

GHSA-WJ8P-JJ64-H7FF

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-13 12:40:08+00:00 | seen | https://gist.github.com/alon710/3d1e0c676fd161e289838724b2e46b8f... |

Security Updates for Microsoft Visual Studio Products (February 2026)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execu...
GHSA-435G-FCV3-8J26

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-12 23:10:24+00:00 | seen | https://gist.github.com/alon710/b39938f3d43a4854f3d6fd693d202b4e... |

GHSA-PX4R-G4P3-HHQV

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-12 21:40:23+00:00 | seen | https://gist.github.com/alon710/d01a7eedfc71c05885cd1abab59c3272... |

Inspecting the Source of Go Modules
Go has indisputably the best package integrity story of any programming language ecosystem. The Go Checksum Database guarantees that every Go client in the world is using the same source for a given Go module and version, forever. It works despite the decentralized nature of Go modules, which can...
GHSA-CFH3-3JMP-RVHC

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-12 00:25:06+00:00 | seen | https://seclists.org/oss-sec/2026/q1/162 |
| 2026-02-12 04:10:06+00:00 | seen | https://gist.github.com/alon710/8164d166b74f218576799553a77db1a5... |

CVE-2026-21518
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-21257
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network...