
81991 matches found

Chainguard
added 2026/04/08 7:17 p.m., 3 views

GHSA-53MR-6C8Q-9789 vulnerabilities

Vulnerabilities for packages: litellm, airflow...

AI score 5.4
Exploits: 0
GithubExploit
added 2026/04/08 5:45 a.m., 78 views

jwt-exploit-toolkit

JWT Exploit Toolkit...

AI score 5.9
Exploits: 0
GithubExploit
added 2026/04/08 5:27 a.m., 78 views

H4C-WEB

H4C-WEB !/bin/bash =======================================...

AI score 5.9
Exploits: 0
Circl
added 2026/04/08 12:46 a.m., 2 views

CVE-2026-39934

creationtimestamp | type | source
---|---|---
2026-04-08 00:46:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mix2xmk7qc2d...

CVSS 6.9, AI score 5.9, EPSS 0.00019
Exploits: 0, References: 1
Packet Storm News
added 2026/04/08 12:0 a.m., 1 view

Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings

Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/08 12:0 a.m., 4 views

Hayabusa Cross-Site Scripting Vulnerability

Hayabusa is an open-source Windows event log forensic and threat hunting tool developed by Yamato Security. Versions prior to Hayabusa 3.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML report outputs that had the same cross-site scripting vulnerabilities,...

CVSS 5.4, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 3
CNNVD
added 2026/04/08 12:0 a.m., 4 views

GitLab Enterprise Edition (EE) Code Injection Vulnerability

GitLab Enterprise Edition (EE) is a content management system developed by the American company GitLab. Versions of GitLab Enterprise Edition prior to 18.8.9, 18.9.5, and 18.10.3 contained a code injection vulnerability. This vulnerability stemmed from authorization issues in the code quality repor...

CVSS 5.7, AI score 5.9, EPSS 0.0004
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/08 12:0 a.m., 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006752 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion in ntrigreportversion, hdev...

CVSS 5.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 4
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31465

Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...

CVSS 5.4, AI score 6.1, EPSS 0.00035
Exploits: 0, References: 4
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31553

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed tool report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit h...

CVSS 6.5, AI score 5.7, EPSS 0.00036
Exploits: 0, References: 6
Positive Technologies
added 2026/04/08 12:0 a.m., 3 views

PT-2026-31464

ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ Vault.py artifact parser that uses attacker-controlled file name from values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

CVSS 8.4, AI score 6.5, EPSS 0.00005
Exploits: 0, References: 5
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31328

Name of the Vulnerable Software and Affected Versions: QD 20230821 (affected versions not specified). Description: QD 20230821 is susceptible to a server-side request forgery (SSRF) condition. This occurs when a crafted request is processed, allowing for potential unauthorized access or actions on...

CVSS 9.1, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 5
CNNVD
added 2026/04/08 12:0 a.m., 8 views

Android Logs Events And Protobuf Parser Path Traversal Vulnerability

Android Logs Events And Protobuf Parser is a tool developed by Brigs’ personal developer for parsing Android logs and protocol buffers. Versions of Android Logs Events And Protobuf Parser 3.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the NQVault.py...

CVSS 8.4, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 4
Circl
added 2026/04/07 11:21 p.m., 1 view

CVE-2026-39937

creationtimestamp | type | source
---|---|---
2026-04-07 23:21:44+00:00 | seen | Telegram/6bLFJGC-3U2uX2XtN90OcJAyTS9ndxhmaOcnguxEO8P60w
2026-04-08 00:51:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mix3akyep42i...

CVSS 8.8, AI score 4.8, EPSS 0.0006
Exploits: 0, References: 1
RedhatCVE
added 2026/04/07 11:1 p.m., 2 views

CVE-2026-35390

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting (XSS) attacks were logged but not blocked...

CVSS 6.1, AI score 6, EPSS 0.00035
Exploits: 0, References: 1
Snyk
added 2026/04/07 9:10 p.m., 3 views

Missing Report of Error Condition

Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An attacker can cause the system to incorrectly report successful verification of attestations with malformed payloads or...

CVSS 6.9, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2
Snyk
added 2026/04/07 9:10 p.m., 3 views

Missing Report of Error Condition

Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An attacker can cause the system to incorrectly report successful verification of attestations with malformed payloads or...

CVSS 6.9, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2
Vulnrichment
added 2026/04/07 8:0 p.m., 3 views

CVE-2026-5741 suvarchal docker-mcp-server HTTP index.ts pull_image os command injection

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...

CVSS 7.5, AI score 6.8, EPSS 0.0212
Exploits: 0, References: 5
CVE
added 2026/04/07 6:1 p.m., 12 views

CVE-2026-39341

ChurchCRM (open-source church management) is affected by CVE-2026-39341 due to a time-based SQL injection in the Reports/ConfirmReportEmail.php?familyId= endpoint before version 7.1.0. The vulnerability stems from improper input validation and sanitisation where the sanitised input is not used in...

CVSS 8.1, AI score 5.9, EPSS 0.00032
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/07 6:1 p.m., 0 views

CVE-2026-39341 SQL injection in ChurchCRM.0

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVSS 8.1, AI score 5.9, EPSS 0.00032
Exploits: 1, References: 1