Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/02/18 10:35 p.m.9 views

Go Ethereum affected by DoS via malicious p2p message

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:34 p.m.13 views

Go Ethereum affected by DoS via malicious p2p message

Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...

7.5CVSS5.5AI score0.00578EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:33 p.m.20 views

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120

The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sending pq keyshares. Only this fingerprint is affected since newer fingerprints have pq keyshares by default and older fingerprints have this extension...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:33 p.m.5 views

uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots

There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:31 p.m.9 views

LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php

Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...

8.8CVSS6AI score0.04054EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.8 views

LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.8CVSS5.5AI score0.00238EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.11 views

LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.

Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...

9.3CVSS6.7AI score0.0744EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:8 p.m.11 views

LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS /device-groups name Stored Cross-Site Scripting

Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.6 views

LibreNMS affected by reflected xss via email field

Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...

6.1CVSS5.5AI score0.00291EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:57 p.m.19 views

Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:51 p.m.7 views

Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...

8.4CVSS6.5AI score0.01233EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:50 p.m.12 views

Ghost has a SQL injection in Content API

Impact A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Note: as this...

9.4CVSS6.2AI score0.69996EPSS
Exploits7References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:45 p.m.8 views

Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde

Impact This is a remote code execution RCE vulnerability. Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file could execute arbitrary code when installed or required. All projects using this loading behavior are...

9.8CVSS6.5AI score0.0054EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 9:31 p.m.11 views

mingSoft MCMS does not properly restrict file uploads

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS5.3AI score0.00362EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 6:30 p.m.10 views

OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 6:30 p.m.4 views

NLTK has a Zip Slip Vulnerability

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS6.6AI score0.0079EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.13 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.16 views

OpenClaw has an authentication bypass in sandbox browser bridge server

Summary openclaw could start the sandbox browser bridge server without authentication. When the sandboxed browser is enabled, openclaw runs a local loopback HTTP bridge that exposes browser control endpoints for example /profiles, /tabs, /tabs/open, /agent/. Due to missing auth wiring in the...

8.5CVSS5.6AI score0.00142EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.35 views

OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension

Summary The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: - sendMediaFeishumediaUrl - Feishu DocX markdown image URLs write/append - image processing Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or vi...

9.3CVSS5.6AI score0.00275EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:44 p.m.9 views

OpenClaw has a LFI in BlueBubbles media path handling

Summary The BlueBubbles extension accepted attacker-controlled local filesystem paths via mediaPath and could read arbitrary local files from disk before sending them as media attachments. Details When sendBlueBubblesMedia received a non-HTTP media source, the previous implementation resolved it ...

8.2CVSS5.7AI score0.00292EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:41 p.m.23 views

OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup

Summary OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern. Affected Packages / Versio...

5.3CVSS5.5AI score0.00292EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:41 p.m.18 views

OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution

Summary The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...

7.1CVSS5.7AI score0.00133EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:39 p.m.18 views

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

8CVSS5.6AI score0.012EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:38 p.m.11 views

OpenClaw has a path traversal in browser trace/download output paths may allow arbitrary file writes

Summary OpenClaw’s browser control API accepted user-supplied output paths for trace/download files without consistently constraining writes to OpenClaw-managed temporary directories. Impact If an attacker can access the browser control API, they could attempt to write trace/download output files...

9.1CVSS5.6AI score0.00425EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 5:37 p.m.15 views

OpenClaw has a Path Traversal in Browser Download Functionality

Summary OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads directory. This issue is not exposed via the AI agent tool schema no...

6.7CVSS5.5AI score0.00199EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.8 views

Jenkins has a build information disclosure vulnerability through Run Parameter

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...

4.3CVSS5.5AI score0.00333EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.8 views

Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

8CVSS5.1AI score0.00505EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.27 views

Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS5.5AI score0.00379EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.8 views

NVIDIA NeMo Framework Deserializes Untrusted Data

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

7.8CVSS6.5AI score0.00187EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:31 p.m.6 views

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

8.8CVSS6.1AI score0.00521EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:25 p.m.8 views

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

7.1CVSS5.5AI score0.0038EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 3:24 p.m.14 views

Trivy Action has a script injection via sourced env file in composite action

Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...

8.1CVSS6.1AI score0.01298EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.24 views

OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway

Summary OpenClaw Gateway supports hook mappings with optional JavaScript/TypeScript transform modules. In affected versions, the gateway did not sufficiently constrain configured module paths before passing them to dynamic import. Under some configurations, a user who can modify gateway...

8.6CVSS6.2AI score0.00405EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.22 views

OpenClaw's unsanitized session ID enables path traversal in transcript file operations

Description OpenClaw versions = 2026.2.12 Fix Fixed by validating session IDs rejecting path separators / traversal sequences and enforcing sessions-directory containment for session transcript file operations. Fix Commits - 4199f9889f0c307b77096a229b9e085b8d856c26 Additional Hardening -...

8.4CVSS5.5AI score0.00136EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.11 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.5AI score0.00288EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:56 a.m.7 views

OpenClaw inter-session prompts could be treated as direct user instructions

Summary Inter-session messages sent via sessionssend could be interpreted as direct end-user instructions because they were persisted as role: "user" without provenance metadata. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.13 Impact A delegated or internal...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:56 a.m.8 views

Withdrawn Advisory: Libredesk has a SSRF Vulnerability in Webhooks

Reconsidered - Working as designed. Update 2026-05-28 Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full...

5.7AI score0.00061EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:55 a.m.16 views

OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)

Command hijacking via PATH handling Discovered: 2026-02-04 Reporter: @akhmittra Summary OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary "command hijacking" when running host...

8.8CVSS6AI score0.00465EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:55 a.m.13 views

OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication

Summary The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery SSRF in affected deployments. Impact This only affects deployments that have installed and configured t...

8.3CVSS5.7AI score0.00242EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:54 a.m.18 views

OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled

Summary A Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled. Impact This issue is limited to configurations that explicitly enable and expose the voice-call webhook...

6.5CVSS5.5AI score0.0029EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:54 a.m.27 views

OpenClaw Telegram allowlist authorization accepted mutable usernames

Summary Telegram allowlist authorization could match on @username mutable/recyclable instead of immutable numeric sender IDs. Impact Operators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands identity rebinding/spoof risk. Th...

6.9CVSS5.5AI score0.0021EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:54 a.m.25 views

OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting

Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. Affected Packages / Versions...

8.2CVSS5.6AI score0.003EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:53 a.m.10 views

OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact A malicious website can trigger unauthorized...

7.1CVSS5.6AI score0.0014EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:53 a.m.8 views

OpenClaw affected by denial of service via unbounded webhook request body buffering

Summary Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability. Details Affected packages: - openclaw npm: 2026.2.12 - clawdbot npm:...

8.7CVSS5.7AI score0.00436EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:52 a.m.10 views

OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)

Summary Archive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows. Affected Packages / Versions - openclaw npm: = 2026.2.13 - clawdbot npm: = 2026.1.24-3 Details Affected component:...

6.7CVSS5.5AI score0.00319EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:52 a.m.9 views

OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks

Summary Base64-backed media inputs could be decoded into Buffers before enforcing decoded-size budgets. An attacker supplying oversized base64 payloads can force large allocations, causing memory pressure and denial of service. Attack Scenario Notes - Recommended deployments bind the gateway to...

7.5CVSS5.6AI score0.00274EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/02/18 12:51 a.m.8 views

OpenClaw affected by denial of service via unbounded URL-backed media fetch

Summary URL-backed media fetch handling allocated the entire response payload in memory arrayBuffer before enforcing maxBytes, allowing oversized responses to cause memory exhaustion. Affected Versions - openclaw npm: res.writeHead200,"content-type":"application/octet-stream";forlet...

8.7CVSS5.6AI score0.00426EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 12:51 a.m.11 views

OpenClaw Slack: dmPolicy=open allowed any DM sender to run privileged slash commands

Summary When Slack DMs are configured with dmPolicy=open, the Slack slash-command handler incorrectly treated any DM sender as command-authorized. This allowed any Slack user who could DM the bot to execute privileged slash commands via DM, bypassing intended allowlist/access-group restrictions...

9.8CVSS5.7AI score0.00347EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33268