PT-2026-25058

Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.12 and 8.6.38 contain security vulnerabilities. These vulnerabilities stem from unvalidated user identifier formats,...

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

vaadin 安全漏洞

Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in versions of Vaadin prior to 14.14.0, 23.6.6,...

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801

Summary of CVE-2026-28801 : Natro Macro (AutoHotkey-based macro for Bee Swarm Simulator) prior to version 1.1.0 executes any AHK code found inside pattern or path files. The root cause is code execution from shared pattern/path files, allowing an attacker to embed malicious code that runs with th...

EUVD-2026-10008

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

YARA-X 1.14.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

PT-2026-23654

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-28357

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)

Summary OpenClaw tools.exec.safeBins had a stdin-only policy bypass for grep. If pattern input was supplied through -e / --regexp, the validator consumed the pattern as a flag value and still allowed one positional operand. That positional could be a bare filename like .env. Affected Packages /...

BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

OSV-2026-341 Security exception in com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=488745540 Crash type: Security exception Crash state: com.codeintelligence.jazzer.sanitizers.RegexInjection.hookInternal com.codeintelligence.jazzer.sanitizers.RegexInjection.patternHook...

GHSA-VX5P-Q85X-XM3C NocoDB has Stored Cross-site Scripting via Formula Cell

Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...