109604 matches found
PT-2026-48514
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...
BoxLite Security Vulnerability
BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite 0.8.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from using a...
PT-2026-48513
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path,...
Erlang/OTP Information Disclosure Vulnerability
Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Erlang/OTP versions 3.0.1 to 6.0.1, 5.5.2.1, and 5.2.11.8 have a vulnerability known as information leakage. This vulnerability stems from the SSHFXPREADLI...
S2OPC OPC UA Toolkit Trust Management Vulnerability
S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit has a trust management vulnerability, which stems from improper comparison with a list of trusted certificates. This vulnerability may cause well-formatted, untrust...
crawlee Code Issue Vulnerability
Crawlee is an open-source web scraping and browser automation library developed by Apify. Versions of Crawlee from 1.0.0 to 1.7.0 had code vulnerabilities. These vulnerabilities stemmed from URLs generated using site maps, which could lead to server-side request forgery attacks...
Migration assessment Security Vulnerability
Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the agent-API middleware, which, when processing JWT tokens,...
Can Open-Source LLM Agents Replace Static Application Security Testing Tools? an Empirical Assessment
This paper explores the value of agentic AI tools for cybersecurity purposes. We evaluate the efficacy of a general-purpose GenAI Large Language Model-based agent when powered by three different Ollama-hosted general-purpose open-source models. We assess each agent's performance using...
XML External Entity (XXE) Injection
Overview: org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...
GHSA-55HG-8QXV-QJ4P
creationtimestamp | type | source
---|---|---
2026-06-09 23:41:37+00:00 | seen | https://gist.github.com/alon710/8fd39736c139424c0b6f1dacb91f586a...
CVE-2026-47955
creationtimestamp | type | source
---|---|---
2026-06-09 23:01:28+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvchp5ryl2u...
CVE-2026-34713
creationtimestamp | type | source
---|---|---
2026-06-09 23:00:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvcg34ysg2n...
CVE-2026-34711
creationtimestamp | type | source
---|---|---
2026-06-09 23:00:19+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvcflawlb2n
2026-06-10 02:03:22+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mnvmmyg4nr2a...
GHSA-MRHX-6PW9-Q5FH
creationtimestamp | type | source
---|---|---
2026-06-09 22:51:34+00:00 | seen | https://gist.github.com/alon710/f640ae703fe7932b0c10bae26e654477...
CVE-2026-47930
creationtimestamp | type | source
---|---|---
2026-06-09 22:27:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvaketsgc2v
2026-06-10 09:01:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwdxh5ab625
2026-06-15 19:37:06+00:00 | seen | ...
CVE-2026-47938
creationtimestamp | type | source
---|---|---
2026-06-09 22:17:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv7yh5zg627
2026-06-10 07:01:06+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnw5bdy7s42s...
CVE-2026-36934
creationtimestamp | type | source
---|---|---
2026-06-09 22:15:53+00:00 | seen | https://gist.github.com/OxBat/67c10534910e1409e04ae923c38fca2b...
CVE-2026-47932
creationtimestamp | type | source
---|---|---
2026-06-09 22:07:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv7gj4vo52e
2026-06-10 07:00:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnw5b3mdyo27
2026-06-15 17:07:07+00:00 | seen | ...
CVE-2026-47929
creationtimestamp | type | source
---|---|---
2026-06-09 22:02:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv76t5dy62y
2026-06-10 09:01:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwdx7bjkc2n
2026-06-15 18:37:07+00:00 | seen | ...
CVE-2026-47908
creationtimestamp | type | source
---|---|---
2026-06-09 22:01:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv74zhxah2s...