Open Source Security Archives • Page 2 of 2 • Daily CyberSecurity

Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4) CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4)

Do Son January 23, 2026

A critical security flaw has been discovered in Appsmith, the popular open-source platform used by organizations worldwide...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2026-0622: Hardcoded Secret Exposes Open5GS 5G Core Networks

Do Son January 22, 2026

A critical security flaw has been uncovered in Open5GS, a popular open-source implementation of 5G core network...

CVE-2025-65586: Libheif Flaw Exposes Image Decoders to Denial-of-Service libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

CVE-2025-65586: Libheif Flaw Exposes Image Decoders to Denial-of-Service

Do Son January 21, 2026

A new vulnerability has been discovered in libheif, a widely used open-source library for decoding modern image...

Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151) XCharge C6 vulnerabilities EV charger security flaws GNU libtasn1 Vulnerability CVE-2025-13151 Credit Card Skimmer Malware CVE-2024-13892

XCharge C6 vulnerabilities EV charger security flaws GNU libtasn1 Vulnerability CVE-2025-13151 Credit Card Skimmer Malware CVE-2024-13892

Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151)

Do Son January 21, 2026

A potentially dangerous vulnerability has been uncovered in GNU libtasn1, a foundational software library used by countless...

Search Engine Exposed: Apache Solr Flaws Leak Data & Bypass Auth Apache Solr CVE-2022-39135 Apache Solr Vulnerabilities CVE-2026-22444

Search Engine Exposed: Apache Solr Flaws Leak Data & Bypass Auth

Do Son January 21, 2026

Apache Solr administrators are being urged to update their instances immediately following the disclosure of two moderate-severity...

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Do Son January 15, 2026

A critical security vulnerability has been found in Cal.com, the popular open-source scheduling platform used by individuals...

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover CVE-2026-24042 Appsmith Vulnerability CVE-2026-22794

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover

Do Son January 14, 2026

A critical vulnerability has been discovered in Appsmith, the popular open-source platform used by organizations to build...

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow zlib Vulnerability CVE-2026-22184

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow

Do Son January 12, 2026

A critical vulnerability has been discovered in zlib, the lossless data-compression engine used on “virtually any computer...

Critical Wget2 Flaws Expose Users to Arbitrary File Overwrites and Memory Crashes GNU Wget2, Path Traversal

Critical Wget2 Flaws Expose Users to Arbitrary File Overwrites and Memory Crashes

Do Son January 2, 2026

GNU Wget2, the modern successor to the ubiquitous command-line download tool, has been hit with a double...

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

Do Son December 31, 2025

The Apache Software Foundation has released a critical fix for StreamPipes, its self-service Industrial IoT toolbox designed...

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

Do Son December 25, 2025

A new investigation by Koi Security has exposed a highly sophisticated supply chain attack lurking in the...

CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

Apache bRPC Vulnerability CVE-2025-60021 Apache bRPC, CVE-2025-59789 Apache bRPC, Redis Vulnerability

CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks

Do Son December 1, 2025

A critical vulnerability has been unearthed in Apache bRPC, an industrial-grade RPC framework widely used to power...

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers PyPI malware, Solana developers

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Do Son May 15, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this...

Critical Open Source Library ‘easyjson’ Linked to Russian VK Group easyjson, supply chain security

Critical Open Source Library ‘easyjson’ Linked to Russian VK Group

Do Son May 7, 2025

Hunted Labs has uncovered that a widely used open source library—easyjson—is maintained and controlled by developers associated...

CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure

Do Son May 1, 2025

A critical security vulnerability has been disclosed in vLLM, a popular open-source library used for high-performance inference...

Malicious Packages Stealing Crypto Credentials: A Warning for Developers npm package, crypto drainer Malicious Packages Cryptocurrency Theft

npm package, crypto drainer Malicious Packages Cryptocurrency Theft

Malicious Packages Stealing Crypto Credentials: A Warning for Developers

Do Son April 23, 2025

The Socket Threat Research Team has exposed three malicious open-source packages masquerading as developer tools — designed...

Top Cybersecurity Tools for 2025 Cybersecurity Tools Penetration Testing

Top Cybersecurity Tools for 2025

Do Son April 16, 2025

As cyber threats grow more sophisticated, so do the tools defenders use to counter them. In 2025,...

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

Do Son March 24, 2025

vLLM, a popular library for Large Language Model (LLM) inference and serving, has recently addressed a critical...

2018 Open Source Security and Risk Analysis Report: Each codebase contains an average of 64 vulnerabilities

Do Son July 6, 2018

Synopsys recently released the Black Duck Report on 2018 Open Source Security and Risk Analysis, which provides an in-depth...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Open Source Security

Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4)

CVE-2026-0622: Hardcoded Secret Exposes Open5GS 5G Core Networks

CVE-2025-65586: Libheif Flaw Exposes Image Decoders to Denial-of-Service

Crypto Foundation Cracked: One-Byte Overflow in GNU libtasn1 (CVE-2025-13151)

Search Engine Exposed: Apache Solr Flaws Leak Data & Bypass Auth

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Critical Appsmith Flaw CVE-2026-22794 Allows Account Takeover

CVE-2026-22184 (CVSS 9.3): Critical zlib Flaw Opens Door to Global Buffer Overflow

Critical Wget2 Flaws Expose Users to Arbitrary File Overwrites and Memory Crashes

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Critical Open Source Library ‘easyjson’ Linked to Russian VK Group

CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure

Malicious Packages Stealing Crypto Credentials: A Warning for Developers

Top Cybersecurity Tools for 2025

Critical Remote Code Execution Vulnerability in vLLM via Mooncake Integration

2018 Open Source Security and Risk Analysis Report: Each codebase contains an average of 64 vulnerabilities