Lucene search

372 matches found

CNNVD
added 2026/04/15 12:0 a.m., 4 views

OWASP BLT Security Vulnerability

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.1 contained security vulnerabilities. These vulnerabilities were caused by a remote code execution issue in the .github/workflows/regenerate-migrations.yml...

CVSS 8.8 | AI score 6.6 | EPSS 0.00411
Exploits: 1 | References: 1
CNNVD
added 2026/04/15 12:0 a.m., 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.12 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from unvalidated user ownership, which could allow malicious remote...

CVSS 2.7 | AI score 5.9 | EPSS 0.00167
Exploits: 0 | References: 2
CNNVD
added 2026/04/13 12:0 a.m., 3 views

Pachno Code Issue Vulnerability

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains code vulnerabilities; these vulnerabilities stem from ineffective file upload filtering, which could allow the upload of arbitrary files and execution of remote code...

CVSS 8.8 | AI score 6.1 | EPSS 0.00474
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/07 12:0 a.m., 4 views

PT-2026-30989

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

CVSS 7.1 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 3
Fedora
added 2026/04/05 1:0 a.m., 3 views

[SECURITY] Fedora 42 Update: mapserver-8.4.1-3.fc42

MapServer is an Open Source platform for publishing spatial data and interactive mapping applications to the web...

CVSS 7.5 | AI score 5.9 | EPSS 0.00647
Exploits: 1
CNNVD
added 2026/04/05 12:0 a.m., 4 views

Dromara Lamp-Cloud Authorization Issue Vulnerability

Dromara Lamp-Cloud is an open-source rapid development platform for microservices, built using Jdk11, SpringCloud, and SpringBoot. Versions of Dromara Lamp-Cloud 5.8.1 and earlier have an authorization issue vulnerability, which stems from improper authorization in the pageUser function...

CVSS 5.3 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 5
Circl
added 2026/03/31 3:17 a.m., 2 views

GHSA-6HPG-8RX3-CWGV

creationtimestamp | type | source
---|---|---
2026-03-31 03:17:00+00:00 | published-proof-of-concept | Telegram/bbla1pabQ6PMuVKeZ-DwTmBlqOcXGSdR93YlyGpOXR1ezik...

AI score 4.8
Exploits: 0
Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29364

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: AVideo is an open source video platform. A debug endpoint, test.php, within the StripeYPT plugin is accessible to all logged-in users, not just administrators. This endpoint processes Stripe...

CVSS 6.5 | AI score 5.9 | EPSS 0.00281
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29365

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 26.0. Description: AVideo is an open source video platform. Versions 26.0 and earlier allow any uploader to set a video’s status to any valid state, including "active", through the overrideStatus request parameter. This...

CVSS 4.3 | AI score 5.9 | EPSS 0.00238
Exploits: 1 | References: 4
RedhatCVE
added 2026/03/28 4:59 p.m., 4 views

CVE-2026-33764

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $_REQUEST['id'] parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

CVSS 4.3 | AI score 5.9 | EPSS 0.00214
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/27 6:17 p.m., 4 views

CVE-2026-34375

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the $_REQUEST['plugin'] parameter into a JavaScript block without any encoding or sanitization. The plugin parameter is not included in any of the...

CVSS 8.2 | AI score 6 | EPSS 0.00296
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2026/03/27 12:0 a.m., 4 views

Fleet Code Issue Vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained code...

CVSS 8.8 | AI score 5.9 | EPSS 0.00335
Exploits: 0 | References: 2
CNNVD
added 2026/03/27 12:0 a.m., 6 views

Fleet Authorization Issue Vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...

CVSS 7.1 | AI score 5.9 | EPSS 0.00184
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/23 12:0 a.m., 2 views

PT-2026-27188

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 26.1. Description: AVideo is an open source video platform. Versions up to and including 26.0 have an issue in the password recovery endpoint at objects/userRecoverPass.php. This endpoint performs user existence and...

CVSS 5.3 | AI score 5.8 | EPSS 0.00278
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/23 12:0 a.m., 9 views

PT-2026-27191

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 8
EUVD
added 2026/03/20 2:55 a.m., 2 views

EUVD-2026-13488

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

CVSS 2.2 | AI score 5.7 | EPSS 0.00213
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/11 7:8 a.m., 2 views

CVE-2026-30885

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

CVSS 6.9 | AI score 5.8 | EPSS 0.00365
Exploits: 1 | References: 1
Fedora
added 2026/03/02 12:57 a.m., 8 views

[SECURITY] Fedora 42 Update: pgadmin4-9.12-2.fc42

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

CVSS 7.5 | AI score 6 | EPSS 0.01242
Exploits: 1
Positive Technologies
added 2026/02/27 12:0 a.m., 4 views

PT-2026-22397

Name of the Vulnerable Software and Affected Versions: Dify versions prior to 1.9.0. Description: The Dify API exhibits differing responses when queried for existing and non-existent accounts, potentially enabling an attacker to enumerate email addresses registered with the Dify platform. This issue...

CVSS 6.9 | AI score 5.9 | EPSS 0.00635
Exploits: 1 | References: 9
CNNVD
added 2026/02/18 12:0 a.m., 4 views

MajorDoMo Security Vulnerability

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the admin method in the market module, which reads grmode from $_REQUEST and assigns it to $this->mode. As a result, all...

CVSS 8.7 | AI score 5.9 | EPSS 0.00708
Exploits: 1 | References: 3