The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
PT-2026-29738
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...
PT-2026-29930
Ella Core panics when processing a crafted NGAP LocationReport message in github.com/ellanetworks/core...
vLLM Input Validation Error Vulnerability
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.5.5 and 0.18.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from inconsistencies in the audio mono downmi...
Progress Flowmon Operating System Command Injection Vulnerability
Progress Flowmon is a real-time network traffic monitoring tool developed by Progress Corporation. Versions of Progress Flowmon prior to 12.5.8 contained an operating system command injection vulnerability. This vulnerability stemmed from requests created by authenticated, low-privilege users...
CVE-2026-32143
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-23410
creationtimestamp| type| source
---|---|---
2026-04-01 11:20:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3migl4llo3z2q
2026-04-02 17:36:56+00:00| seen| Telegram/Mrl-2X1DMgxtaU5XSUN4IbsWrdS8894u2WS0LqzSL2HMbhg
2026-04-02 17:37:03+00:00| seen|...
CVE-2026-5235
creationtimestamp| type| source
---|---|---
2026-04-01 02:38:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mifnxzyxzp2g...
PT-2026-29535
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
EUVD-2026-17719
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an...
CVE-2026-23210
creationtimestamp| type| source
---|---|---
2026-03-31 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/redhat-linux-kernel-multiple-vulnerabilities20260401
2026-06-01 17:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/redhat-linux-kernel-multiple-vulnerabilities20260602...
EUVD-2026-17548
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-2123
CVE-2026-2123 describes a local privilege escalation in Windows where the Operations Agent (versions
Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller
CVE-2026-3055 Scanner - NetScaler Memory Overread Detection...
CVE-2026-33579
creationtimestamp| type| source
---|---|---
2026-03-31 14:48:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miegc5clyl24
2026-03-31 16:29:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mielw2yxsd2r
2026-03-31 17:24:58+00:00| seen|...
EUVD-2026-17277
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-4020
Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...
CVE-2026-4020
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...