4559 matches found

CNNVD
added 2026/04/21 12:0 a.m., 5 views

n.eko input validation error vulnerability

n.eko is a self-hosted virtual browser developed by Miroslav Šedivý, using Docker and WebRTC. Versions 3.0.0 to 3.0.10, as well as 3.1.0 to 3.1.1, have vulnerabilities related to input validation. These vulnerabilities allow any authenticated user to instantly gain complete control over the entir...

CVSS 8.8, AI score 5.8, EPSS 0.00437
Exploits 0, References 2
CNNVD
added 2026/04/21 12:0 a.m., 9 views

Tekton Pipelines security vulnerability

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 0.43.0 to 1.11.0 of Tekton Pipelines. These vulnerabilities stem from improper regular expression matching, which could allow attackers to bypass resource verification...

CVSS 6.5, AI score 5.8, EPSS 0.00264
Exploits 1, References 3
CNNVD
added 2026/04/21 12:0 a.m., 7 views

Decidim security vulnerability

Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.19.0 to 0.30.5 and 0.31.1 contained security vulnerabilities. These vulnerabilities stemmed from allowing any registered and authenticated user to accept or reject any amendment,...

CVSS 7.5, AI score 5.8, EPSS 0.00223
Exploits 0, References 1
CNNVD
added 2026/04/21 12:0 a.m., 7 views

Oracle GoldenGate security vulnerability

Oracle GoldenGate is a comprehensive software package developed by Oracle Corporation in the United States, used for real-time data integration and replication in IT environments. This product supports real-time data integration, transaction-based change data capture, data services, transformatio...

CVSS 5.3, AI score 7.3, EPSS 0.0025
Exploits 0, References 2
CNNVD
added 2026/04/21 12:0 a.m., 5 views

Electric SQL injection vulnerability

Electric is an open-source Postgres real-time data synchronization engine developed by Electric. Versions of Electric from 1.1.12 to 1.5.0 contained a SQL injection vulnerability. This vulnerability stemmed from the orderby parameter in the /v1/shape API, which allowed incorrect SQL injections...

CVSS 9.9, AI score 5.9, EPSS 0.00405
Exploits 1, References 1
Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34152

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVSS 4.9, AI score 5.7, EPSS 0.00299
Exploits 0, References 3
CNNVD
added 2026/04/21 12:0 a.m., 6 views

Tekton Pipelines parameter injection vulnerability

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...

CVSS 8.5, AI score 5.9, EPSS 0.00516
Exploits 1, References 3
EUVD
added 2026/04/20 6:31 p.m., 3 views

EUVD-2026-23899

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVSS 8.8, AI score 6.1, EPSS 0.0054
Exploits 0, References 2
Cvelist
added 2026/04/20 3:51 p.m., 26 views

CVE-2026-26944

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVSS 8.8, EPSS 0.0054
Exploits 0, References 1
vulnersOsv
added 2026/04/20 3:31 p.m., 6 views

ai.chronon:flink_2.12 (>=0.0.62 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:online_2.11 (>=0.0.25 <=revert-391-thread-0.0.24) +6967 more potentially affected by CVE-2026-33558 via org.apache.kafka:kafka-clients (>=0.11.0.0 <=3.9.1)

org.apache.kafka:kafka-clients MAVEN version =0.11.0.0, =0.0.62, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =0.0.1, =0.0.8, =0.0.6, =1.0.6, =1.0.6, =0.0.2, =0.3.0 and more Source cves: CVE-2026-33558 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16300072...

CVSS 5.3, AI score 5.4, EPSS 0.00535
Exploits 0
Cvelist
added 2026/04/20 9:0 a.m., 25 views

CVE-2025-13480 Incorrect authorization in Fudo Enterprise

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

CVSS 5.1, EPSS 0.00257
Exploits 0, References 3
vulnersOsv
added 2026/04/20 6:31 a.m., 1 views

agentverse (=0.1.8.1), airoboros (=2.1.1) +35 more potentially affected by CVE-2026-6608 via fschat (>=0.2.2 <=0.2.36)

fschat PYPI version =0.2.2, =0.3.0, =0.0.1, =1.1.0, =0.1.1, =0.1.1, =0.9.0.8, =0.1.1, =0.1.8 and more Source cves: CVE-2026-6608 Source advisory: OSV:GHSA-F3Q6-69F3-VWCH...

CVSS 6.9, AI score 6, EPSS 0.00308
Exploits 0
vulnersOsv
added 2026/04/20 6:31 a.m., 0 views

agentverse (=0.1.8.1), airoboros (=2.1.1) +35 more potentially affected by CVE-2026-6607 via fschat (>=0.2.2 <=0.2.36)

fschat PYPI version =0.2.2, =0.3.0, =0.0.1, =1.1.0, =0.1.1, =0.1.1, =0.9.0.8, =0.1.1, =0.1.8 and more Source cves: CVE-2026-6607 Source advisory: SNYK:PYTHON-FSCHAT-16301528...

CVSS 6.9, AI score 6, EPSS 0.00623
Exploits 0
Positive Technologies
added 2026/04/20 12:0 a.m., 2 views

PT-2026-33851

Name of the Vulnerable Software and Affected Versions: glibc versions 2.7 through 2.43. Description: Calling the scanf family of functions using a %mc malloc'd character match with a format width specifier that has an explicit width greater than 1024 can lead to a one byte heap buffer overflow...

CVSS 9.8, AI score 5.4, EPSS 0.00451
Exploits 1, References 35
vulnersOsv
added 2026/04/18 1:7 a.m., 6 views

dagster-duckdb-pandas (>=0.17.3 <=0.29.0), dagster-duckdb-polars (>=0.17.21 <=0.29.0) +6 more potentially affected by CVE-2026-41490 via dagster-duckdb (>=0.17.21 <=0.29.0)

dagster-duckdb PYPI version =0.17.21, =0.17.3, =0.17.21, =0.17.3, =0.1.1, =0.1.0, =0.1.0, =0.1.1 - lung-sarg =1.0.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERDUCKDB-16109580...

CVSS 8.3, AI score 5.8, EPSS 0.00265
Exploits 1
vulnersOsv
added 2026/04/18 1:7 a.m., 3 views

dagster-duckdb-pandas (>=0.16.13 <=0.29.0), dagster-duckdb-polars (>=0.17.21 <=0.29.0) +6 more potentially affected by CVE-2026-41490 via dagster-duckdb (>=0.16.13 <=0.29.0)

dagster-duckdb PYPI version =0.16.13, =0.16.13, =0.17.21, =0.16.13, =0.1.1, =0.1.0, =0.1.0, =0.1.1 - lung-sarg =1.0.0 Source cves: CVE-2026-41490 Source advisory: OSV:GHSA-MJW2-V2HM-WJ34...

CVSS 8.3, AI score 5.4, EPSS 0.00265
Exploits 1
Vulnrichment
added 2026/04/17 10:31 p.m., 1 views

CVE-2026-40479 Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget

Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and...

CVSS 5.4, AI score 5.7, EPSS 0.00207
Exploits 1, References 2
vulnersOsv
added 2026/04/17 9:57 p.m., 6 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +15 more potentially affected by CVE-2026-43526 via openclaw (>=0.0.1 <=2026.4.11)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 and more Source cves: CVE-2026-43526 Source advisory: OSV:GHSA-2767-2Q9V-9326...

CVSS 9.3, AI score 5.4, EPSS 0.00251
Exploits 0
OSV
added 2026/04/17 9:50 p.m., 1 views

GHSA-R77C-2CMR-7P47 OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Summary: Delivery queue recovery could lose group tool-policy context for media replay. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.10 = 2026.4.14. Impact: Recovered queued outbound media could be replayed without the original session context neede...

CVSS 2.3, AI score 5.7, EPSS 0.00214
Exploits 0, References 6
vulnersOsv
added 2026/04/17 6:31 p.m., 7 views

amdonov.ospackage-init:amdonov.ospackage-init.gradle.plugin (>=0.1.0 <=0.5.0), app.cash.backfila:client-misk-dynamodb (>=0.1.3-20210127.1838-76ab4fc <=0.1.4-20210806.0204-5341f38) +1646 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15on (>=1.46 <=1.70)

org.bouncycastle:bcpg-jdk15on MAVEN version =1.46, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210127.1838-76ab4fc, =2023.06.07.114626-93b9d6f, =0.1.3-20210127.1838-76ab4fc, =0.1.4-20220614.0152-5ae0eef, =1.0.0-M6, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1-M3, =0.0.1-M19 and more...

CVSS 8.7, AI score 5.8, EPSS 0.00413
Exploits 0