110548 matches found
view_component security vulnerability
ViewComponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. ViewComponent versions 3.0.0 to 4.9.0 contain security vulnerabilities. These vulnerabilities stem from the fact that the preview routing does not verify...
MaxKB code issue vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability in the OSS file service URL retrieval...
algernon security vulnerability
Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...
SourceCodester CET Automated Grading System with AI Predictive Analytics security vulnerability
SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...
Bugsink security vulnerability
Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the source mapping and debugging file searching mechanisms, which did not limit the scope of the projects. A...
Important: dnsmasq security update
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion (CVE-2026-2291); dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)...
PT-2026-43404
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/trigger id is accessible without authentication. The WebhookAuth class unconditionally returns None, which Django REST Framework interprets as successful authentication...
PT-2026-43430
Crypt::ScryptKDF versions through 0.010 for Perl use an insecure random number source when no CSPRNG module is available. The random bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...
RHEL 8 : dnsmasq (RHSA-2026:20589)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20589 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server...
CVE-2026-34659
creationtimestamp | type | source
---|---|---
2026-05-25 22:34:04+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mmpjwsdpzk24...
CVE-2026-34660
creationtimestamp | type | source
---|---|---
2026-05-25 22:34:04+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mmpjwsdpzk24...
CVE-2026-27886
creationtimestamp | type | source
---|---|---
2026-05-25 19:21:31+00:00 | seen | https://bsky.app/profile/packetstorm.bsky.social/post/3mmp76mk5ju2w
2026-06-01 21:00:04+00:00 | seen | Telegram/1dYzfg1XM2qRQo76hZ2Pm0Eu0GEAxaWJiFzUmqdHimB0E
2026-06-08 21:00:04+00:00 | published-proof-of-concept | ...
CVE-2021-21735
creationtimestamp | type | source
---|---|---
2026-05-25 19:10:00+00:00 | seen | https://bsky.app/profile/r-netsec.bsky.social/post/3mmp6j7lche2v
2026-05-27 00:19:21+00:00 | seen | https://bsky.app/profile/hacker.at.thenote.app/post/3mmsac3s46k2g
2026-05-28 06:07:07+00:00 | seen | ...
CVE-2026-9484
Affected software: SourceCodester Student Grades Management System 1.0. Vulnerability: In classroom.php, the functions getClassroomStudents and removeStudentFromClassroom can be manipulated by altering the classroom_id argument, leading to improper authorization. The issue is exploitable remote...
MAL-2026-4670 Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via child_process.execSync, collects os.hostname, os.platform, current working directory, and th...
GHSA-F9F8-RM49-7JV2
creationtimestamp | type | source
---|---|---
2026-05-25 18:03:54+00:00 | seen | https://bsky.app/profile/winsontang.com/post/3mmp2tsdeu62f...
CVE-2026-9473
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. Th...
CVE-2026-33712
creationtimestamp | type | source
---|---|---
2026-05-25 17:00:04+00:00 | seen | https://t.me/GithubRedTeam/85856
2026-05-25 19:00:11+00:00 | seen | Telegram/u353QQC82id8CE3exVt8JuaCPTA2e4vaac9ku63kUT5lYfk
2026-05-25 21:00:04+00:00 | seen | Telegram/DE8V0W55Lks0xFUNDp9UGyNB0T-CRSwfpeIrdYc5V2Tnj4...
CVE-2026-9467
A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The...
CVE-2026-9468
A security flaw has been discovered in dazeb cline-mcp-memory-bank up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank of the file src/index.ts. The manipulation of the argument projectPath results in path traversal. The attack may be...