Lucene search

54710 matches found

Vulnrichment
added 2026/02/12 11:39 p.m., 5 views

CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

WWW::OAuth 1.000 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

AI score: 5.5, EPSS: 0.00255
Exploits: 0, References: 3

Cvelist
added 2026/02/12 9:11 p.m., 28 views

CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

CVSS: 8.8, EPSS: 0.004
Exploits: 1, References: 1

Vulnrichment
added 2026/02/12 8:52 p.m., 3 views

CVE-2026-26020 AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__)

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server by embedding a disabled block inside a graph. The...

CVSS: 9.4, AI score: 6.3, EPSS: 0.0048
Exploits: 0, References: 3

OSV
added 2026/02/12 4:16 p.m., 5 views

PYSEC-2026-33

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote...

CVSS: 10, AI score: 6.6, EPSS: 0.01589
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/12 3:31 p.m., 4 views

CVE-2026-26216

Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote...

CVSS: 10, AI score: 6.7, EPSS: 0.01589
Exploits: 0, References: 4

Filippo.io
added 2026/02/12 1:48 p.m., 8 views

Inspecting the Source of Go Modules

Go has indisputably the best package integrity story of any programming language ecosystem. The Go Checksum Database guarantees that every Go client in the world is using the same source for a given Go module and version, forever. It works despite the decentralized nature of Go modules, which can...

AI score: 5.8
Exploits: 0

NVD
added 2026/02/12 3:15 a.m., 4 views

CVE-2026-23856

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

CVSS: 7.8, EPSS: 0.00094
Exploits: 0, References: 1

Vulnrichment
added 2026/02/12 1:46 a.m., 5 views

CVE-2026-23856

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00094
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/12 1:46 a.m., 5 views

CVE-2026-23856

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00094
Exploits: 0, References: 2

Cvelist
added 2026/02/12 1:46 a.m., 31 views

CVE-2026-23856

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

CVSS: 7.8, EPSS: 0.00094
Exploits: 0, References: 1

CVE
added 2026/02/12 1:46 a.m., 24 views

CVE-2026-23856

Dell iDRAC Service Module (iSM) for Windows (<6.0.3.1) and Linux (

CVSS: 7.8, AI score: 5.5, EPSS: 0.00094
Exploits: 0, References: 1

RedhatCVE
added 2026/02/12 1:4 a.m., 12 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVSS: 8.1, AI score: 5.6, EPSS: 0.00351
Exploits: 1, References: 1

CVE
added 2026/02/12 12:0 a.m., 6 views

CVE-2025-56647

Affected product: npm @farmfe/core

CVSS: 6.5, AI score: 5.6, EPSS: 0.00191
Exploits: 0, References: 3

PostgreSQL
added 2026/02/12 12:0 a.m., 19 views

Vulnerability in contrib module (CVE-2026-2007)

PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory. Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the...

CVSS: 8.2, AI score: 6.1, EPSS: 0.00335
Exploits: 0, References: 1, Affected Software: 1

PostgreSQL
added 2026/02/12 12:0 a.m., 20 views

Vulnerability in contrib module (CVE-2026-2004)

PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00497
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/12 12:0 a.m., 28 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS: 6.5, EPSS: 0.00191
Exploits: 0, References: 3

Vulnrichment
added 2026/02/12 12:0 a.m., 4 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00191
Exploits: 0, References: 3

Zero Day Initiative
added 2026/02/12 12:0 a.m., 5 views

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a...

CVSS: 7.2, AI score: 6.3, EPSS: 0.05517
Exploits: 0, References: 1

CNNVD
added 2026/02/12 12:0 a.m., 5 views

Dell iDRAC Service Module Access Control Error Vulnerability

The Dell iDRAC Service Module is a lightweight software module developed by the American company Dell. It is designed to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller) on Dell PowerEdge servers. There were access control vulnerabilities in versions of the Dell iDRAC...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00094
Exploits: 0, References: 1

Positive Technologies
added 2026/02/12 12:0 a.m., 7 views

PT-2026-7810

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00094
Exploits: 0, References: 2