open-source
188 articles with this tag
INFO | ThinkPad firmware reverse-engineering toolchain: archived Lenovo BIOS → named SoC pads, EC analysis, CVE diffs, coreboot/OpenCore port scaffolding
CRITICAL | Exploit Code Published for Critical Flowise RCE Vulnerability
INFO | Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet - SWN #585
CRITICAL | [NEW] [UNPATCHED] [critical] Gogs: Vulnerability allows code execution
HIGH | [NEW] [high] vllm: Vulnerability allows code execution
INFO | IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
CRITICAL | Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
CRITICAL | Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
INFO | Open source project contains hidden instruction for “AI” agents: delete my code
INFO | IBM and Red Hat are betting $5 billion that open source needs a security guard
INFO | ‘Cracked Oura’ Is an App For Using the Oura Ring Without the Monthly Subscription
MEDIUM | GlassWorm falls, but the repo problem is far from solved
CRITICAL | [NEW] [high] Budibase: Multiple vulnerabilities allow file manipulation
CRITICAL | [NEW] [high] Fleet: Multiple vulnerabilities
HIGH | [NEW] [medium] Znuny: Multiple vulnerabilities
INFO | Hottest cybersecurity open-source tools of the month: May 2026
INFO | California amendment would exempt Linux from age verification law
HIGH | FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
INFO | Apple makes its quantum-resistant encryption open source
INFO | Vigolium: Open-source vulnerability scanner
CRITICAL | Millions of AI agents imperiled by critical vulnerability in open source package
MEDIUM | The Hackers Behind Shai-Hulud: Lucky or Skilled?
HIGH | Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
INFO | OpenHack: Open-source AI-powered vulnerability research
INFO | Could Suddenly-Great Open Source AI Crash the US Economy?
INFO | Microsoft open-sources tools for designing and testing AI agents
INFO | Flipper One project needs community help to build open Linux platform
INFO | Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
MEDIUM | [NEW] [medium] MongoDB: Vulnerability allows denial of service
MEDIUM | [NEW] [medium] NetBSD Foundation NetBSD OS: Multiple vulnerabilities allow denial of service
HIGH | 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
HIGH | [NEW] [high] Joplin: Multiple vulnerabilities
HIGH | [NEW] [high] Budibase: Vulnerability allows bypass of security measures
HIGH | [NEW] [medium] MailPit: Multiple vulnerabilities
MEDIUM | [NEW] [medium] vim: Multiple vulnerabilities allow code execution
HIGH | [NEW] [high] Flowise: Multiple vulnerabilities allow code execution
HIGH | PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
HIGH | PraisonAI vulnerability gets scanned within 4 hours of disclosure
INFO | KDE gets over €1 million investment to strengthen security and core infrastructure
HIGH | [NEW] [medium] Composer: Vulnerability allows information disclosure
INFO | Sandyaa: Open-source autonomous security bug hunter
CRITICAL | ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
CRITICAL | [NEW] [high] pgAdmin: Multiple vulnerabilities
HIGH | [NEW] [high] Bitwarden: Multiple vulnerabilities
HIGH | [NEW] [high] dnsmasq: Multiple vulnerabilities
INFO | OpenBSD and slopcode: raindrop to a torrent?
INFO | Red Hat extends open source technology into space
HIGH | [NEW] [high] KDE Kdenlive and Okular: Multiple vulnerabilities
MEDIUM | [NEW] [medium] Apache Airflow Providers OpenSearch and Elasticsearch: Multiple vulnerabilities allow information disclosure
MEDIUM | [NEW] [medium] Linux Kernel: Multiple vulnerabilities
HIGH | [NEW] [medium] Budibase: Vulnerability allows information disclosure
CRITICAL | [NEW] [high] Rancher Fleet Helm Deployer: Vulnerability allows bypass of security measures
HIGH | [NEW] [high] PgBouncer: Multiple vulnerabilities
CRITICAL | [NEW] [high] vm2: Vulnerability allows code execution
HIGH | [NEW] [high] LangChain: Vulnerability allows file manipulation and information disclosure
LOW | [NEW] [low] expat: Vulnerability allows denial of service
MEDIUM | [NEW] [UNPATCHED] [medium] jq: Vulnerability allows bypass of security measures
INFO | Rustinel: Open-source endpoint detection for Windows and Linux
INFO | Securing CI/CD for an open source project: lessons from Cilium
INFO | Product showcase: NetGuard open-source firewall for Android
INFO | Redox gets partial window pixel updating, tmux, and more
LOW | [NEW] [low] OpenBao: Vulnerability allows bypass of security measures
LOW | Brush shell 0.4.0 tightens script safety, widens platform support
INFO | Pipelock: Open-source AI agent firewall
INFO | Cisco Releases Open Source Tool for AI Model Provenance
LOW | Cisco releases open-source toolkit for verifying AI model lineage
INFO | Warp open sources its AI terminal client
CRITICAL | Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
LOW | Linux storage management tool Stratis 3.9.0 adds online encryption and cache-less pool startup
MEDIUM | [NEW] [medium] LangChain (openai, text-splitters): Multiple vulnerabilities allow information disclosure and SSRF bypass
INFO | 25 open-source cybersecurity tools that don’t care about your budget
INFO | Hot take: AI's not going to kill open source code security
INFO | It's a myth that you need Mythos to find bugs: Open source models can do it just as well
LOW | [UPDATE] [low] libxml2: Vulnerability allows denial of service
INFO | PentAGI: Open-source autonomous AI penetration testing system
INFO | This AI Tool Rips Off Open Source Software Without Violating Copyright
INFO | From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent Skill
INFO | Product showcase: Syncthing for secure, private file synchronization
MEDIUM | SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines
CRITICAL | SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
INFO | SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines
INFO | Product showcase: Ente Auth encrypts, backs up, and syncs 2FA
INFO | Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
LOW | Linux 7.0 released
INFO | ZeroID: Open-source identity platform for autonomous AI agents
HIGH | Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
INFO | Project Glasswing and open source software: The good, the bad, and the ugly
HIGH | [NEW] [high] helm: Multiple vulnerabilities
CRITICAL | [NEW] [high] MISP: Multiple vulnerabilities
MEDIUM | Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
MEDIUM | [NEW] [medium] LangChain: Vulnerability allows bypass of security measures
HIGH | [NEW] [medium] xwiki: Vulnerability allows code execution
MEDIUM | [NEW] [medium] Fleet: Vulnerability allows privilege escalation
MEDIUM | Microsoft suspends dev accounts for high-profile open source projects
INFO | Asqav: Open-source SDK for AI agent governance
INFO | Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates
HIGH | Social engineering attacks on open source developers are escalating
INFO | Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
MEDIUM | [NEW] [UNPATCHED] [medium] libarchive: Vulnerability allows denial of service
MEDIUM | [NEW] [medium] vllm: Multiple vulnerabilities