110554 matches found
SB Admin SQL Injection Vulnerability
SB Admin is a Bootstrap-based open source admin backend template by individual developer Yash Pokharna. SB Admin suffers from a SQL injection vulnerability that stems from the handling of the User parameter in the file /success.php, which could lead to SQL injection...
PT-2026-43081
A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. The function handleGetSourceContext in the file src/server.ts is affected. The manipulation leads to path traversal. The attack can be carried out remotely. The exploit is publicly available and might be used. The...
Cargo Security Vulnerability
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo that stems from the incorrect handling of symbolic links in a crate tarball downloaded from a third-party registry, which could lead to a malicious crate overwriting the source...
PT-2026-43034
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple POS and Inventory System version 1.0. Description: A remote SQL injection is possible due to improper manipulation of the Name argument within an unknown function in the '/user/search.php' endpoint. SQL injection is a type ...
CVE-2026-7385
creationtimestamp | type | source
---|---|---
2026-05-24 22:29:44+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mmmzaara5x2c...
CVE-2026-6059
creationtimestamp | type | source
---|---|---
2026-05-24 22:00:00+00:00 | seen | https://jvn.jp/en/jp/JVN69049186
2026-06-20 22:58:54+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3moqxh6mqnc25...
CVE-2026-38908
creationtimestamp | type | source
---|---|---
2026-05-24 14:57:32+00:00 | seen | https://gist.github.com/iamthana/e5d36a822218cf8e659c4de041a3c32d...
CVE-2026-9360
creationtimestamp | type | source
---|---|---
2026-05-24 09:00:28+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mmllz5x2pp2m...
CVE-2026-9356
CVE-2026-9356 affects SourceCodester Hospitals Patient Records Management System 1.0. The vulnerability is a SQL injection in the /admin/patients/manage_history.php endpoint, exploitable via manipulation of the argument ID. It is described as exploitable remotely and the exploit is publicly discl...
CVE-2026-9295
creationtimestamp | type | source
---|---|---
2026-05-24 00:00:38+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116626609621458470...
cal.diy Access Control Error Vulnerability
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...
vBulletin Code Injection Vulnerability
vBulletin is an open-source web forum software based on PHP and MySQL developed by vBulletin Inc. Version vBulletin 6.x has a code injection vulnerability, which stems from improper operation of the Login component and may lead to cross-site scripting attacks...
PT-2026-45896
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237
Crash type: Security exception
Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...
PostCSS Security Vulnerability
PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS 7.1.1 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the toString function in the file /src/selectors/container.js component AST serialization, which...
CVE-2018-25356
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
CVE-2026-8851
creationtimestamp | type | source
---|---|---
2026-05-23 17:30:52+00:00 | seen | https://bsky.app/profile/cyberowi.pl/post/3mmjy2wwqxc2j...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...
[SECURITY] Fedora 42 Update: firefox-151.0-2.fc42
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive...
CVE-2026-6898
creationtimestamp | type | source
---|---|---
2026-05-23 06:51:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmiudlcyml2k
2026-06-06 11:02:52+00:00 | seen | https://bsky.app/profile/keiwork35.bsky.social/post/3mnmivyrxak2z...